On 31 January 2022, the English High Court delivered its judgment in Stadler v Currys Group Limited (EWHC 160 (QB)); the latest in a series of rulings which appear set to constrain the relatively nascent UK data breach claims...more
Takeaways - The U.K. Supreme Court, in its much-anticipated decision in Lloyd v Google, held that “opt-out” representative (class) actions cannot proceed unless the plaintiff proves material damage and shows that each class...more
Prospective Class Action Against Google is Stopped - Summary - The UK Supreme Court has handed down its much anticipated judgment in Lloyd v Google LLC. Google has successfully appealed against the Court of Appeal’s...more
The Supreme Court of the United Kingdom has delivered its long-awaited decision in the case of Lloyd [2021] UKSC 50, rejecting an attempt to bring a representative claim for compensation for "loss of control" over personal...more
The UK Supreme Court handed down its much-anticipated decision in the Lloyd v Google LLC [2021] UKSC 50 case on 10 November 2021 restricting claimants’ ability to bring data privacy class actions in the UK under the (now...more
Since the General Data Protection Regulations ("GDPR") came into force in 2018, companies in the United Kingdom (UK) that have suffered cybersecurity attacks often face civil claims from individuals whose data has been...more
One in five United Kingdom ("UK") internet users are under 18, and, according to the UK's Information Commissioner Office (the "ICO"), "are using an internet that was not designed for them." Under the UK's Data Protection Act...more
The European Commission adopted new versions of the Standard Contractual Clauses (SCCs) on June 4, 2021. The new SCCs finally replace the original SCCs adopted under the 1998 European Data Protection Directive (DPD) and did...more
On April 1, 2020, the U.K. Supreme Court handed down its judgment in the case of WM Morrison Supermarkets plc v Various Claimants [2020] UKSC 12, the first class action-type claim concerning a data breach in the U.K.. In this...more
Good news for employers who can take some comfort in the UK Supreme Court’s judgment – in WM Morrison Supermarkets plc (Appellant) v Various Claimants (Respondents) [2020] UKSC 12 – which held that Morrisons was not liable...more
In Various Claimants v. WM Morrison Supermarkets [2020] UKSC 12, the Supreme Court has reversed the Court of Appeal decision and held that Morrisons supermarket is not liable for the serious (intentional) data breach by its...more
The Information Commissioner's Office (ICO) has issued a statement confirming that data protection will not stop the need for businesses to share information quickly, or adapt the way they work to face the unprecedented...more
The decision to appeal a regulatory finding is never taken lightly. By the time a regulator has completed its investigation and notified a company of its intention to fine, the company will have invested significant time and...more
In this month's Privacy & Cybersecurity Update, we examine several recent U.K.-related cybersecurity developments and the SEC's risk alert reminding investment advisers and broker-dealers to follow through on implementing...more
An employer was held by the Court of Appeal to be vicariously liable for a rogue employee’s deliberate and criminal disclosure of the personal data of other employees. This was despite the employee’s aim being to harm the...more
UK supermarket chain Morrisons has been held vicariously liable for the acts of a malicious employee in the UK’s first data leak class action. The issue began in 2014, when a disgruntled Morrison’s internal IT auditor posted...more
The received wisdom was always that the greatest exposures created by a cyber security incident or data breach were the costs of remediation, business disruption and any regulatory fine. Whilst litigation risk existed, it...more
In Various Claimants v WM Morrisons Supermarket PLC [2017] EWHC3 113 (QB), the High Court considered whether an employer was liable for an employee’s malicious disclosure of personal data belonging to other employees. This...more
A landmark ruling in a group action by employees has found Morrisons Supermarket vicariously liable for a deliberate data breach carried out by a rogue employee, out of working hours and at home on a personal computer. The...more
The United Kingdom High Court recently issued a landmark liability judgment against the supermarket, Morrisons, following a data breach caused by a rogue employee (Various Claimants v. WM Morrisons Supermarket [2017] EWHC3113...more
A few days ago the UK’s Department for Digital, Culture, Media & Sport introduced the Data Protection Bill 2017 (“the Bill”). Once adopted by the legislature, the Bill will replace the Data Protection Act 1998, which is...more
The UK Department for Culture, Media & Sport is planning to present a new Data Protection Bill to the Parliament in early September. This new Bill will replace the current UK Data Protection Act 1998 and will effectively...more
The GDPR will apply to the UK when it is effective on May 25, 2018, but the government will need to adopt domestic data privacy legislation upon the UK’s pending exit from the EU....more
Following the United Kingdom’s nonbinding vote to leave the European Union (“Brexit”), what do businesses need to consider for data privacy compliance?...more
(LONDON) Privacy practitioners from the US and Europe gathered in London on April 30 and May 1 to discuss current thinking about privacy policy, regulation and compliance at the IAPP’s European Data Protection Intensive...more