2018 was a landmark year for digital TMT and sourcing. Against the backdrop of the UK's impending departure from the EU, there were a wealth of highlights as regulation moved further towards greater harmonisation at the European level; the… Read more

2018 was a landmark year for data protection and privacy; the EU General Data Protection Regulation ("GDPR") came into effect on 25 May 2018 and implemented a comprehensive reform of the EU data protection regime. So what could 2019 possibly have in store for… Read more

The UK Government has published a "no deal" note to clarify how data protection law will work in the event that the UK leaves the EU without a deal. The note confirms that separate draft regulations and more detailed guidance… Read more

On 23 November 2018, the European Data Protection Board (the "EDPB") published its draft guidelines on Article 3 of the GDPR, being the provision that sets out the territorial scope of Europe's data protection legislation. The guidelines are only in… Read more

The House of Commons Treasury Committee has launched an inquiry into IT failures in the financial services sector. The inquiry will focus on the causes and consequences of operational incidents in the financial services sector and will examine the work… Read more

Following a UK Cabinet meeting on 14 November 2018, the UK Government has announced support for the text of a draft Withdrawal Agreement and an outline of the Political Declaration on the Future Relationship agreed with EU negotiators. The Withdrawal… Read more

The UK data protection regulator, the Information Commissioner’s Office (ICO), has issued its first enforcement notice under the EU’s new strict data protection law, the General Data Protection Regulation (679/2016/EU) (GDPR). The notice is particularly noteworthy because it has been… Read more

The Court of Appeal has today dismissed an appeal against the High Court's decision that Morrisons was vicariously liable for its employee’s misuse of data, despite: (i) Morrisons having done as much as it reasonably could to prevent the misuse;… Read more

On 13 September 2018, the UK Government published a series of technical notes setting out the implications in various sectors and areas of a 'no deal' scenario (i.e. a scenario in which the UK leaves the EU without an agreement),… Read more

On 17 July 2018, the EU Commission (“Commission”) and Japan concluded the negotiations on a reciprocal finding of an adequate level of data protection by both sides. Under the General Data Protection Regulation (“GDPR”) which became effective across Europe on… Read more

The GDPR came into force on 25 May 2018 and brought with it additional rights for individuals and additional obligations for organisations. It also extends its reach beyond European borders and applies not just to companies within the EEA but… Read more

In anticipation of the GDPR, various guidance has been published by the Article 29 Working Party, the body of national EU data regulators. Of most relevance in the cyber context is the guidance on personal data breach notifications; the Article… Read more

In light of the booming market of the Internet of Things (“IoT”) and of the General Data Protection Regulation (“GDPR”), the Information Commissioner’s Office (“ICO”) has published an article focusing on the key factors manufacturers and retailers of IoT devices… Read more

Many people believe that we are currently witnessing a fourth industrial or technological revolution, with the advent and increasing use of a wave of disruptive technology. Over the past fi ve years, the market has seen the arrival of a… Read more

Cyber security remains in the public eye with multiple incidents and vulnerabilities reported affecting telecoms companies. Telecoms companies need to continue to focus on the risks and consider updating their pro-active defence and cyber security response plans to reflect the… Read more

On 1 December 2017, the High Court handed down its judgment on the UK's first class action arising from a data breach (Various Claimants v Morrisons). The High Court allowed the claim and deemed Morrisons to be vicariously liable for… Read more

In the run up to the GDPR applying from next year, there has been a variety of practical guidance for compliance at the European level through the Article 29 Working Party (“WP29”) (which reflects the consolidated view of national supervisory… Read more

The GDPR introduces a new mandatory requirement for all controllers to notify the appropriate data protection authority of a “personal data breach” likely to result in a risk to people’s rights and freedoms, for example following a cyber-attack. This will… Read more

Following its Second Reading in the House of Lords, on 22 November 2017 the draft Data Protection Bill (the “Bill”) passed the Committee Stage and will next be considered at the Report Stage on 11 December 2017. The Bill was… Read more

The Department of Health published its Review of Data Security, Consent and Opt-Outs (the “Review”) earlier this year. Incidents such as WannaCry (refer to article above for more detail) have created awareness of the ease and speed with which cyber-attacks… Read more

The post below was first published on our Employment blog Last week the UK Government released its negotiating position paper on international transfers of personal data within the EEA (The Exchange and Protection of Personal Data). Once the UK leaves… Read more

On 18 July 2017 the House of Lords European Union Committee (the "Committee") published a report covering the impact of Brexit on four aspects of the EU Data Protection Package: the General Data Protection Regulation (the "GDPR") which will become… Read more

The Investigatory Powers Act 2016 (the "Act") received Royal Assent on 29 November 2016. Dubbed the "Snoopers' Charter" it has been heavily criticised by various commentators, including the advocacy group Liberty. The main source of criticism has been around the… Read more

On 3 July 2017 the Information Commissioner's Office ("ICO") determined that the Royal Free NHS Foundation Trust (the "Trust") had breached the Data Protection Act 1998 (the "Act") when it provided patient details to Google's DeepMind. The Trust provided personal… Read more

On 12 July 2016 the European Commission adopted an "adequacy decision" allowing for the transatlantic transfer of personal data from the EU to the US in accordance with the framework and principles of the EU-US Privacy Shield (the "Privacy Shield").… Read more

On 4 July 2017 the Independent Press Standards Organisation (the "IPSO") published guidance for editors and journalists seeking advice on how the Editors' Code of Practice applies to the use of material taken from social media to support or illustrate… Read more

On 21 June 2017 the Queen's Speech was delivered in the Houses of Parliament and announced a number of measures relevant to the TMT sector. ... Read more

On 8 June 2017, the Council of the EU adopted its position on a proposed directive setting out new rules for business-to-consumer contracts for the supply of digital content and digital services. This follows the European Commission's proposal for the… Read more

Last month the Council of the European Union published its progress report on the first draft of the ePrivacy Regulation (the "Draft Regulation"). The Draft Regulation was issued by the EC in January of this year and focuses on the… Read more

The European Commission published its first draft of the EU General Data Protection Regulation ("GDPR") in January 2012, which set out a comprehensive reform of the current existing EU regime. The reform was designed to give citizens more control and… Read more