On 7 June 2024, in the case of Harrison v Cameron & Another, the High Court ruled that, in the context of a data subject access request under Article 15 UK GDPR, data subjects are entitled in principle to know the specific...more
This article originally appeared in The Legal Technologist November/December 2023 Issue here. As individuals, we have the legal right to access personal data held by an organisation, and an increasing number of requests are...more
2023 is shaping up to be a landmark year for data privacy, on both sides of the Atlantic. In the US, four new state laws go into effect – two on July 1 – while California is expanding its already robust requirements, and...more
On June 8, 2023, the UK and the U.S. governments issued a joint statement announcing that they had committed in principle to the establishment of a “UK Extension to the Data Privacy Framework,” which would facilitate flows of...more
How should artificial intelligence (“AI”) be governed? This conundrum is rightly receiving considerable attention from governments, businesses and civil society. ...more
On 8 March 2023 the UK Government released a new version of the Data Protection and Digital Information Bill (the Bill), which is intended to make a series of changes to the UK’s data protection framework found in the UK...more
On March 8, 2023, the Data Protection and Digital Information (No. 2) Bill was introduced to the UK Parliament by the Department for Science, Innovation and Technology (DSIT). If enacted, the Bill will make changes to the UK...more
Areas of interest include anonymisation, “recognised legitimate interests”, and the ICO’s role. The UK Data Protection and Digital Information Bill (the Bill) sets out the government’s proposals for reforming the current...more
The bill would largely build on the UK data protection regime’s EU GDPR-style framework, albeit with UK-specific provisions. The UK government introduced the Data Protection and Digital Information Bill (the Bill) to...more
FTC Publishes Advance Notice of Proposed Rulemaking on Commercial Surveillance and Data Security - Concerned that companies use secret surveillance practices to collect “vast troves” of consumer information, the Federal...more
The UK government has recently published proposals to amend UK data protection legislation with moves towards divergence from EU rules and regulation following the UK’s decision to leave the EU (“Brexit”). The Data Protection...more
On 31 January 2022, the English High Court delivered its judgment in Stadler v Currys Group Limited (EWHC 160 (QB)); the latest in a series of rulings which appear set to constrain the relatively nascent UK data breach claims...more
Takeaways - The U.K. Supreme Court, in its much-anticipated decision in Lloyd v Google, held that “opt-out” representative (class) actions cannot proceed unless the plaintiff proves material damage and shows that each class...more
The United Kingdom’s Supreme Court, its highest court, blocked a bid for a $4.3 billion class action against Google over claims the company violated the country’s Data Protection Act (DPA). The claimants alleged that Google...more
On 10 November 2021, the UK Supreme Court handed down its long-awaited decision in Lloyd v Google LLC. In what will be seen as a landmark decision in the fields of data protection and collective actions in the UK, the Supreme...more
Prospective Class Action Against Google is Stopped - Summary - The UK Supreme Court has handed down its much anticipated judgment in Lloyd v Google LLC. Google has successfully appealed against the Court of Appeal’s...more
The Supreme Court of the United Kingdom has delivered its long-awaited decision in the case of Lloyd [2021] UKSC 50, rejecting an attempt to bring a representative claim for compensation for "loss of control" over personal...more
The UK Supreme Court handed down its much-anticipated decision in the Lloyd v Google LLC [2021] UKSC 50 case on 10 November 2021 restricting claimants’ ability to bring data privacy class actions in the UK under the (now...more
Since the General Data Protection Regulations ("GDPR") came into force in 2018, companies in the United Kingdom (UK) that have suffered cybersecurity attacks often face civil claims from individuals whose data has been...more
This briefing highlights a number of international pay and employee benefits legal issues that carry potentially severe penalties. Each of these issues is well worth a review now to avoid future consequences. International...more
On 28 June, the European Commission adopted its Adequacy Decision for the UK, putting to an end (at least for now), the uncertainty surrounding EU to UK personal data flows. This averted a “cliff edge” in the shape of the 30...more
Report on Supply Chain Compliance 3, no. 16 (August 20, 2020) - “Three senior judges said that South Wales Police had violated the right to privacy under the European Convention on Human Rights, as well as data protection...more
In this month's edition, we examine the Court of Justice of the European Union's decision invalidating the EU-U.S. Privacy Shield framework, as well as the U.S. government's response to the decision. We also examine two...more
The protections afforded by the GDPR and the UK’s 2019 Data Protection Act (‘DPA’) are not naturally associated with efforts to frustrate and restrict the use of the death penalty internationally. However, the recent Supreme...more
The Information Commissioner’s Office (ICO) recently issued guidance for employers on the issues they need to bear in mind when considering the introduction of testing as part of their arrangements for returning staff to the...more