On 7 June 2024, in the case of Harrison v Cameron & Another, the High Court ruled that, in the context of a data subject access request under Article 15 UK GDPR, data subjects are entitled in principle to know the specific...more
1. Proposal for EU directive for right to repair no longer covering motor vehicles - The European Parliament’s Internal Market and Consumer Protection Committee has voted on a draft report on the proposed EU directive...more
On June 8, 2023, the UK and the U.S. governments issued a joint statement announcing that they had committed in principle to the establishment of a “UK Extension to the Data Privacy Framework,” which would facilitate flows of...more
The UK government has recently published proposals to amend UK data protection legislation with moves towards divergence from EU rules and regulation following the UK’s decision to leave the EU (“Brexit”). The Data Protection...more
This briefing highlights a number of international pay and employee benefits legal issues that carry potentially severe penalties. Each of these issues is well worth a review now to avoid future consequences. International...more
On 28 June, the European Commission adopted its Adequacy Decision for the UK, putting to an end (at least for now), the uncertainty surrounding EU to UK personal data flows. This averted a “cliff edge” in the shape of the 30...more
The European Commission adopted new versions of the Standard Contractual Clauses (SCCs) on June 4, 2021. The new SCCs finally replace the original SCCs adopted under the 1998 European Data Protection Directive (DPD) and did...more
In one of the world’s first test cases regarding the legality of the use of automated facial recognition and biometric technology, on 11 August 2020 the English Court of Appeal handed down judgment in R (Bridges) v CC South...more
In this month's edition, we examine the Court of Justice of the European Union's decision invalidating the EU-U.S. Privacy Shield framework, as well as the U.S. government's response to the decision. We also examine two...more
Following the outbreak of COVID-19 and its development into a global pandemic, organisations have been implementing exceptional measures to safeguard employees, customers and others against the health threat that is being...more
The CCPA took effect on 1 January 2020, introducing significant compliance burdens for most businesses that collect personal information about California residents. The reach of the CCPA extends beyond California and the US;...more
Since the referendum to leave the EU rocked the UK in 2016, commentators, privacy personnel, and corporate officers alike have been speculating as to how Brexit will affect Britain’s subjugation to the General Data Protection...more
In this month's Privacy & Cybersecurity Update, we examine several recent U.K.-related cybersecurity developments and the SEC's risk alert reminding investment advisers and broker-dealers to follow through on implementing...more
The DIFC guidelines provide practical guidance for DIFC-registered entities engaging in electronic direct marketing, including useful “dos” and “don’ts”. What Do DIFC-Registered Entities Need to Know? In January 2019,...more
A data subject (defined in the GDPR as an identified or identifiable natural person) has a right under the General Data Protection Regulation (GDPR) to make a data subject access request (DSAR) to find out what personal data...more
In this month's edition of our Privacy & Cybersecurity Update, we examine the European Data Protection Board's published opinions on data protection impact assessments, an Ohio court's ruling that bitcoin is covered insured...more
Brexit raises critical issues regarding the future transfer of personal data outside of the EU, not least as to the role of the UK Data Protection Authority, the Information Commissioner’s Office (“ICO”), and as to its...more
The Grand Chamber of the European Court of Human Rights (ECtHR) held in Barbulescu v Romania (Application no. 61496/08) last week that there was a breach of the right to privacy where an employer searched the contents of an...more
The UK's Information Commissioner, Elizabeth Denham, has launched a series of blogs designed to “bust some of the myths” which she believes have developed around the EU General Data Protection Regulation (GDPR). Her first...more
The UK Department for Culture, Media & Sport is planning to present a new Data Protection Bill to the Parliament in early September. This new Bill will replace the current UK Data Protection Act 1998 and will effectively...more
In less than one year, from 25 May 2018, the General Data Protection Regulation (GDPR or Regulation) will become enforceable. The GDPR introduces a rigorous, far-reaching privacy framework for businesses that operate, target...more
The GDPR will apply to the UK when it is effective on May 25, 2018, but the government will need to adopt domestic data privacy legislation upon the UK’s pending exit from the EU....more
Last week, the UK’s Information Commissioner’s Office (ICO) published a monetary penalty notice which fined a private healthcare company, HCA International, £200,000 for its failure to keep sensitive data secure....more
The Court of Appeal’s ruling in Dawson-Damer v Taylor Wessing offers beneficiaries rights of access to personal data held by trustees and their legal advisers. This is a landmark case in which our clients, the claimants,...more
Brexit — Keep Calm and Carry On - The Brexit referendum elicited strong feelings amongst “Leavers” and “Remainers”, and will likely continue to do so. In the UK it is generally not as common for co-workers to discuss...more