Sitting with the C-Suite: eDiscovery Priorities – Thoughts on the Next Five Years
Jones Day Presents: Effect of GDPR, CCPA, and FTC on Blockchains
E14: The Three Pillars of GDPR
E13: GDPR Wedding Day & Beyond
E12: GDPR Article 22 and Automated Decision Making
E8: Interview with Cookiebot CEO on Technical Solutions to GDPR Readiness
The guidelines specify the requirements for data controllers to conduct risk assessments related to the transfer or disclosure of personal data outside the Kingdom. ...more
On 23 October 2024, the Data (Use and Access) Bill (the “DUAB”) was introduced to Parliament. The DUAB is the Labour government’s answer to the perceived shortfalls of the since-abandoned Data Protection and Digital...more
Sharing personal data is necessary for most organisations, but it also entails certain data protection risks. Controllers who share personal data with others must, among other obligations, ensure that they comply with the...more
The EDPB launched a website auditing tool to help legal and technical auditors at data protection authorities check whether websites are compliant with the law on 29 January 2024. Controllers and processors can also use the...more
On 8 March 2023, the newly-created Department for Science, Innovation and Technology (“DSIT”) introduced the UK government’s updated proposals for data protection reform in the shape of the Data Protection and Digital...more
The UK government recently introduced a new Data Protection and Digital Information (No. 2) Bill (the “New Bill”). The reforms are intended to update and simplify the UK’s data protection framework and reduce burdens on...more
While countries all over the globe continue to make data privacy strides, comparing similarities and differences between the EU and U.K. is important in light of Brexit. It is also crucial to know the differences as they...more
Areas of interest include anonymisation, “recognised legitimate interests”, and the ICO’s role. The UK Data Protection and Digital Information Bill (the Bill) sets out the government’s proposals for reforming the current...more
The UK government set out its detailed proposals for data protection reform on 18 July 2022 in the form of the Data Protection and Digital Information Bill. Compared with some of the radical ideas in the 2021 public...more
The decision of the UK Supreme Court in Lloyd v Google is a welcome relief for data controllers. However, is it the end of class actions for data breach?...more
As the UK looks to find a new and post-Brexit direction, the UK Government is setting its agenda for developments in regulation, particularly when it comes to technology, data and innovation. We have seen the recent...more
In unanimously refusing to allow a representative action to proceed, the UK Supreme Court may have sounded the death knell for opt-out class actions in England for data breaches: Lloyd v Google [2021] UKSC 50....more
The dust has settled on the new EU standard contractual clauses for cross-border data transfers (“New SCCs”), but confusion still reins on how the New SCCs cover data transfers and what companies need to do to take advantage...more
A recent High Court case examines the liability position where leaks or losses of personal data occur as a result of the actions of a cyber-attacker, rather than as a result of breaches or misuse by the data controller...more
Companies have three months to prepare to use the latest standard contractual clauses for new data transfers, and 18 months to migrate existing arrangements. On 4 June 2021, the European Commission released its...more
This article explores the topic of appointed representatives under Article 27 of the GDPR. What are they? When do you need one? How is regulatory enforcement starting to play out in the EU and in the UK on this issue?...more
The European Commission’s long-awaited updates to the Standard Contractual Clauses (“SCCs”) have arrived. Data protection lawyers globally have eagerly anticipated these changes, which are necessary to address a legal...more
On February 19 2021, the European Union Commission issued its draft adequacy decision for data flows between the European Union (EU) and United Kingdom (UK). Whilst widely expected, this draft decision will provide some...more
On December 17, 2020, the UK Information Commissioner’s Office (‘ICO’) published its Data Sharing Code of Practice (the ‘Code’) following a public consultation which commenced in 2019. The Code focuses mainly on data sharing...more
The Information Commissioner’s Office (ICO), the UK’s data protection authority, has recently published updated guidance on an individual’s right to access their personal data. This OnPoint considers the key issues arising...more
On 21 October 2020 the UK data protection authority (ICO) published a new Right of Access Detailed Guidance (SAR Guidance), following the public consultation on the SAR Draft Guidance (Draft Guidance) which ran from December...more
In a significant decision, the Supreme Court unanimously held that Morrisons, the U.K. supermarket chain, was not vicariously liable for an employee’s significant data breach, reversing the Court of Appeal’s previous...more
The Information Commissioner's Office (ICO) has issued a statement confirming that data protection will not stop the need for businesses to share information quickly, or adapt the way they work to face the unprecedented...more
BREXIT: DEAL OR NO-DEAL? DATA IS THE QUESTION - With the Brexit deadline looming ahead on 31 October 2019, the situation seemingly reaches new levels of uncertainty every day. Last week, the U.K. Supreme Court’s eleven...more
The United Kingdom’s Information Commissioners Office (ICO) has issued, for public consultation, draft guidelines for data sharing that—once adopted —will govern all controller-to-controller data sharing agreements which are...more