In the U.K., and elsewhere in the world, the burning question at the moment is how we move forward in this pandemic, not just from a health perspective, but from an economic perspective as well. We all want to know what the so-called ‘exit strategy’ will be. One of the possible facets of the strategy […]
The General Data Protection Regulation 2016/679 (‘GDPR’) has introduced the concept of ‘Data Protection by Design and Default’ (‘DPbDD’) into the data protection framework.[1] ‘Privacy by Design’ is not a new concept; it was formulated by the Information and Privacy Commissioner of Ontario in the 1990’s and is based on seven foundational principles[2]. Whilst Article […]
R (Bridges) v Chief Constable of South Wales Police and Others [2019] EWHC 2341 (Admin) To read the judgment click here. The High Court turned down an application for judicial review of the decision by South Wales Police to use automated facial recognition technology in a pilot project. The project involved the capture of digital […]
ECJ case C-673/17 (Planet 49) To read the judgment click here. In this case the Court of Justice of the European Union (“CJEU”) was asked to consider a series of questions in relation to the use of pre-ticked checkboxes and cookies. It held the following: A pre-ticked checkbox, which a user must de-select to refuse […]
The Information Commissioner’s Office (ICO) published its 2018/2019 Annual Report on 8 July 2019. Here is a short summary: The number of enquiries the ICO received increased by 66% to just under half a million. The number of data protection complaints almost doubled compared with the previous year. Subject Access Requests made up the largest […]
By Tom Orrell & Melissa Stock Privacy law has never been a straightforward affair in England. Its development has been piecemeal over the past two centuries.[1] In fact the laws that govern information today are spread across multiple frameworks, including: libel (protecting reputation), data protection (rights over the processing of personal data), breach of confidence […]
This is an overview of DB v The General Medical Council (‘GMC’) [2018] EWCA Civ 1497 in the Court of Appeal. It is now the leading judgment in the approach to be taken on disclosure in so-called mixed personal data cases – that is subject access requests where the information requested by the data subject […]
The Facts On 12 January 2014, an employee of the Defendant “Morrisons” posted a file containing the personal details of almost 100,000 colleagues on the Internet. Mr Andrew Skelton, a senior IT Auditor at Morrisons, was later charged and convicted under the Computer Misuse Act 1990 and section 55 of the Data Protection Act 1998 […]
The Article 29 Data Protection Working Party recently issued guidelines on fines for the purposes of the General Data Protection Regulation (‘GDPR’). Article 83(1) of the GDPR states that supervisory authorities should identify corrective measures that are “effective, proportionate and dissuasive”. Article 83(2) is the starting point for assessing a case for the purpose of […]
The Article 29 Data Protection Working Party (‘A29WP’) recently issued guidelines on personal data breach reporting under the General Data Protection Regulation (‘GDPR’). The GDPR obliges data controllers to report personal data breaches to data protection authorities within 72 hours unless the breach is ‘unlikely to result in a risk to the rights and freedoms’ […]
