The UK Supreme Court handed down its much-anticipated decision in the Lloyd v Google LLC [2021] UKSC 50 case on 10 November 2021 restricting claimants’ ability to bring data privacy class actions in the UK under the (now...more
In this month's edition, we examine the Court of Justice of the European Union's decision invalidating the EU-U.S. Privacy Shield framework, as well as the U.S. government's response to the decision. We also examine two...more
In a decision that will come as a relief to many businesses, the UK Supreme Court has unanimously held that companies should not be held vicariously liable for the actions of rogue employees who leak personal data....more
Following the outbreak of COVID-19 and its development into a global pandemic, organisations have been implementing exceptional measures to safeguard employees, customers and others against the health threat that is being...more
UK supermarket chain Morrisons has been held vicariously liable for the acts of a malicious employee in the UK’s first data leak class action. The issue began in 2014, when a disgruntled Morrison’s internal IT auditor posted...more
In this month's edition of our Privacy & Cybersecurity Update, we examine the European Data Protection Board's published opinions on data protection impact assessments, an Ohio court's ruling that bitcoin is covered insured...more
The U.K. Information Commissioner’s Office announced it will impose the maximum fine of $660,000 for Facebook’s breach of the U.K. Data Protection Act (see Notice of Intent). ...more
This OnPoint reports on the Court of Appeal judgment in Dawson-Damer & Ors v Taylor Wessing LLP, handed down on 16 February 2017, which addresses two key aspects of the legislation enabling individuals to lodge subject access...more
Dealing with a subject access request (SAR), whether or not the person making the request is an employee, can be very time consuming. The Information Commissioner’s Office (ICO) issued a Code of Practice in August 2013 on...more