The Upper Tribunal (UT) has overturned a decision by the First-tier Tribunal (FTT), relating to a Monetary Penalty Notice (MPN) that was issued by the Information Commissioner (ICO). All of this stemmed from a cyber-attack...more
On 7 June 2024, in the case of Harrison v Cameron & Another, the High Court ruled that, in the context of a data subject access request under Article 15 UK GDPR, data subjects are entitled in principle to know the specific...more
This article originally appeared in The Legal Technologist November/December 2023 Issue here. As individuals, we have the legal right to access personal data held by an organisation, and an increasing number of requests are...more
1. Proposal for EU directive for right to repair no longer covering motor vehicles - The European Parliament’s Internal Market and Consumer Protection Committee has voted on a draft report on the proposed EU directive...more
2023 is shaping up to be a landmark year for data privacy, on both sides of the Atlantic. In the US, four new state laws go into effect – two on July 1 – while California is expanding its already robust requirements, and...more
On June 8, 2023, the UK and the U.S. governments issued a joint statement announcing that they had committed in principle to the establishment of a “UK Extension to the Data Privacy Framework,” which would facilitate flows of...more
How should artificial intelligence (“AI”) be governed? This conundrum is rightly receiving considerable attention from governments, businesses and civil society. ...more
By now, you have probably heard about OpenAI’s ChatGPT, an artificially intelligent chatbot, and similar chatbots that have launched in its wake. Since its launch, ChatGPT is estimated to have reached more than 100 million...more
On 8 March 2023 the UK Government released a new version of the Data Protection and Digital Information Bill (the Bill), which is intended to make a series of changes to the UK’s data protection framework found in the UK...more
On March 8, 2023, the Data Protection and Digital Information (No. 2) Bill was introduced to the UK Parliament by the Department for Science, Innovation and Technology (DSIT). If enacted, the Bill will make changes to the UK...more
Areas of interest include anonymisation, “recognised legitimate interests”, and the ICO’s role. The UK Data Protection and Digital Information Bill (the Bill) sets out the government’s proposals for reforming the current...more
The bill would largely build on the UK data protection regime’s EU GDPR-style framework, albeit with UK-specific provisions. The UK government introduced the Data Protection and Digital Information Bill (the Bill) to...more
FTC Publishes Advance Notice of Proposed Rulemaking on Commercial Surveillance and Data Security - Concerned that companies use secret surveillance practices to collect “vast troves” of consumer information, the Federal...more
The UK government has recently published proposals to amend UK data protection legislation with moves towards divergence from EU rules and regulation following the UK’s decision to leave the EU (“Brexit”). The Data Protection...more
On 31 January 2022, the English High Court delivered its judgment in Stadler v Currys Group Limited (EWHC 160 (QB)); the latest in a series of rulings which appear set to constrain the relatively nascent UK data breach claims...more
Takeaways - The U.K. Supreme Court, in its much-anticipated decision in Lloyd v Google, held that “opt-out” representative (class) actions cannot proceed unless the plaintiff proves material damage and shows that each class...more
The highly anticipated UK Supreme Court decision in Lloyd v. Google has brought into focus (1) the operation of the United Kingdom’s collective redress regime brought under the civil procedure rules, particularly the...more
On 10 November 2021, the Supreme Court dismissed the United Kingdom’s first ever “opt-out” class action brought outside of the competition law sector, in Lloyd v Google LLC. The claim, seeking an award of damages of around £3...more
The United Kingdom’s Supreme Court, its highest court, blocked a bid for a $4.3 billion class action against Google over claims the company violated the country’s Data Protection Act (DPA). The claimants alleged that Google...more
Since the introduction of the Data Protection Act (the “DPA”) in 2017, there has been a steady increase in the number of data protection breaches that have been reported to the Office of the Ombudsman . It is expected that...more
On 10 November 2021, the UK Supreme Court handed down its long-awaited decision in Lloyd v Google LLC. In what will be seen as a landmark decision in the fields of data protection and collective actions in the UK, the Supreme...more
Prospective Class Action Against Google is Stopped - Summary - The UK Supreme Court has handed down its much anticipated judgment in Lloyd v Google LLC. Google has successfully appealed against the Court of Appeal’s...more
The Supreme Court of the United Kingdom has delivered its long-awaited decision in the case of Lloyd [2021] UKSC 50, rejecting an attempt to bring a representative claim for compensation for "loss of control" over personal...more
The UK Supreme Court handed down its much-anticipated decision in the Lloyd v Google LLC [2021] UKSC 50 case on 10 November 2021 restricting claimants’ ability to bring data privacy class actions in the UK under the (now...more
On 9 July 2021, the Data Protection Act, 2021 (the DPA) came into force in the British Virgin Islands (the BVI).The DPA applies to all BVI companies, limited partnerships and other entities that process, have control over or...more