On 31 January 2022, the English High Court delivered its judgment in Stadler v Currys Group Limited (EWHC 160 (QB)); the latest in a series of rulings which appear set to constrain the relatively nascent UK data breach claims...more
Takeaways - The U.K. Supreme Court, in its much-anticipated decision in Lloyd v Google, held that “opt-out” representative (class) actions cannot proceed unless the plaintiff proves material damage and shows that each class...more
Prospective Class Action Against Google is Stopped - Summary - The UK Supreme Court has handed down its much anticipated judgment in Lloyd v Google LLC. Google has successfully appealed against the Court of Appeal’s...more
The UK Supreme Court handed down its much-anticipated decision in the Lloyd v Google LLC [2021] UKSC 50 case on 10 November 2021 restricting claimants’ ability to bring data privacy class actions in the UK under the (now...more
Since the General Data Protection Regulations ("GDPR") came into force in 2018, companies in the United Kingdom (UK) that have suffered cybersecurity attacks often face civil claims from individuals whose data has been...more
One in five United Kingdom ("UK") internet users are under 18, and, according to the UK's Information Commissioner Office (the "ICO"), "are using an internet that was not designed for them." Under the UK's Data Protection Act...more
The European Commission adopted new versions of the Standard Contractual Clauses (SCCs) on June 4, 2021. The new SCCs finally replace the original SCCs adopted under the 1998 European Data Protection Directive (DPD) and did...more
In this month's edition, we examine the Court of Justice of the European Union's decision invalidating the EU-U.S. Privacy Shield framework, as well as the U.S. government's response to the decision. We also examine two...more
On April 1, 2020, the U.K. Supreme Court handed down its judgment in the case of WM Morrison Supermarkets plc v Various Claimants [2020] UKSC 12, the first class action-type claim concerning a data breach in the U.K.. In this...more
The decision to appeal a regulatory finding is never taken lightly. By the time a regulator has completed its investigation and notified a company of its intention to fine, the company will have invested significant time and...more
The U.K. Information Commissioner’s Office, the U.K.’s independent body for the upholding of information rights in the public interest, has issued a consultation paper on proposals that it be granted investigative and other...more
In this month's Privacy & Cybersecurity Update, we examine several recent U.K.-related cybersecurity developments and the SEC's risk alert reminding investment advisers and broker-dealers to follow through on implementing...more
In this month's edition of our Privacy & Cybersecurity Update, we examine the European Data Protection Board's published opinions on data protection impact assessments, an Ohio court's ruling that bitcoin is covered insured...more
The received wisdom was always that the greatest exposures created by a cyber security incident or data breach were the costs of remediation, business disruption and any regulatory fine. Whilst litigation risk existed, it...more
A landmark ruling in a group action by employees has found Morrisons Supermarket vicariously liable for a deliberate data breach carried out by a rogue employee, out of working hours and at home on a personal computer. The...more
A few days ago the UK’s Department for Digital, Culture, Media & Sport introduced the Data Protection Bill 2017 (“the Bill”). Once adopted by the legislature, the Bill will replace the Data Protection Act 1998, which is...more
The UK Department for Culture, Media & Sport is planning to present a new Data Protection Bill to the Parliament in early September. This new Bill will replace the current UK Data Protection Act 1998 and will effectively...more
The GDPR will apply to the UK when it is effective on May 25, 2018, but the government will need to adopt domestic data privacy legislation upon the UK’s pending exit from the EU....more
General Data Protection Regulation Update - As reported in the April Locke Lord Privacy & Cybersecurity Newsletter, the European Parliament gave the final approval to the General Data Protection Regulation (GDPR) on...more
Following the United Kingdom’s nonbinding vote to leave the European Union (“Brexit”), what do businesses need to consider for data privacy compliance?...more