UK: ICO announces first ‘mega fines’ for data breach under GDPR

In the last couple of days, the Information Commissioner’s Office has issued two notices of intent to impose the first ‘mega fines’ under the GDPR regime for data breaches by British Airways (for £183.39 milion) and Marriott International (for £99.2 million).  Both companies now have the chance to respond to the notices of intent, after … Read more

UK: right to privacy in relation to personal emails and WhatsApp messages

The European Court of Human Rights in Garamukanwa v United Kingdom has confirmed that the right to privacy can theoretically apply in relation to communications sent from a workplace email address, or which touch on both professional and private matters. However, in this case, the employee did not have a reasonable expectation of privacy in … Read more

Hong Kong: Data Access Request or Pre-Action Discovery in Disguise?

Employers control the extent of information that they provide employees – from how well they are meeting KPIs, to internal discussions about grievances, remuneration and disciplinary actions. In the majority of cases, employers have no obligation to provide to employees information setting out the basis for remuneration or disciplinary outcomes including information which is part … Read more

Compliance Check: China – changes to how employers handle personal data

The Chinese Cybersecurity Law (CSL) introduced in 2017 is the nation’s first comprehensive privacy and security regulation for cyberspace, setting out strict controls on companies operating in China over their online activities, data storage and handling of personal information. The National Standard (GB/T 35273–2017) provided detailed guidance on the collection, use and storage of personal … Read more

UK: DSAR ruling confirms that descriptions of the purposes of processing and recipients of personal data can be general, but actual identity of sources must be provided

The recent High Court judgment in Rudd v Bridle & J&S Bridle Ltd provides some useful guidance on subject access requests under the Data Protection Act 1998 (equally relevant to the new GDPR regime). Dr Rudd, a medical expert on exposure to asbestos, was the subject of a campaign by a lobbyist for the asbestos … Read more

France: Recent and Upcoming Labour Reforms

Several important employment law reforms have come into force recently or will come into force shortly, both at the EU and French level. Below are some of the changes to expect for 2019: Read more