This is an overview of DB v The General Medical Council (‘GMC’) [2018] EWCA Civ 1497 in the Court of Appeal. It is now the leading judgment in the approach to be taken on disclosure in so-called mixed personal data cases – that is subject access requests where the information requested by the data subject […]
This is an overview of the e-Privacy Regulation (‘ePR’), which will replace Directive 2002/58/EC (Regulation on Privacy and Electronic Communications), or ‘e-Privacy Directive’. The e-Privacy Directive protects the confidentiality of electronic communications and applies to publicly available electronic communications services. In the U.K., the Privacy and Electronic Communications Regulation (“PECR”) implements the e-Privacy Directive. In […]
Employee Computer Files The European Court of Human Rights (ECtHR) has ruled that an employer may ‘freely consult’ an employee’s computer file that is not private, so long as the company’s IT charter makes a provision to do so. In Libert v France (Application No 588/13), an employee of SNCF (France’s national railway company) was […]
Last week an important case was decided in the High Court on the so-called ‘Right to be Forgotten’. The Claimants, NT1 and NT2, are businessmen who asked Google to remove links to search results that revealed their past convictions. The High Court judgment is lengthy and comprehensive. For those who wish to analyse the case […]
The Facts On 12 January 2014, an employee of the Defendant “Morrisons” posted a file containing the personal details of almost 100,000 colleagues on the Internet. Mr Andrew Skelton, a senior IT Auditor at Morrisons, was later charged and convicted under the Computer Misuse Act 1990 and section 55 of the Data Protection Act 1998 […]
The Article 29 Data Protection Working Party recently issued guidelines on fines for the purposes of the General Data Protection Regulation (‘GDPR’). Article 83(1) of the GDPR states that supervisory authorities should identify corrective measures that are “effective, proportionate and dissuasive”. Article 83(2) is the starting point for assessing a case for the purpose of […]
The Article 29 Data Protection Working Party (‘A29WP’) recently issued guidelines on personal data breach reporting under the General Data Protection Regulation (‘GDPR’). The GDPR obliges data controllers to report personal data breaches to data protection authorities within 72 hours unless the breach is ‘unlikely to result in a risk to the rights and freedoms’ […]
