The Supreme Court has overturned the Court of Appeal decision in Various Claimants v WM Morrison Supermarkets Plc [2018] EWHC Civ 2339 finding the appellant (“Morrisons”) not vicariously liable for the illegal acts of a rogue employee. It was a unanimous decision. The Supreme Court judgment is available here. The Supreme Court considered: 1. Whether […]
In this podcast, I discuss data protection and the GDPR with Hatti Suvari. Get Legally Speaking is a podcast series that is supported by the Bar Council, which aims to explain different areas of law to the public. This is Part 1 of a series of podcasts related to data protection and privacy that will […]
The General Data Protection Regulation 2016/679 (‘GDPR’) has introduced the concept of ‘Data Protection by Design and Default’ (‘DPbDD’) into the data protection framework.[1] ‘Privacy by Design’ is not a new concept; it was formulated by the Information and Privacy Commissioner of Ontario in the 1990’s and is based on seven foundational principles[2]. Whilst Article […]
ECJ case C-673/17 (Planet 49) To read the judgment click here. In this case the Court of Justice of the European Union (“CJEU”) was asked to consider a series of questions in relation to the use of pre-ticked checkboxes and cookies. It held the following: A pre-ticked checkbox, which a user must de-select to refuse […]
By Tom Orrell & Melissa Stock Privacy law has never been a straightforward affair in England. Its development has been piecemeal over the past two centuries.[1] In fact the laws that govern information today are spread across multiple frameworks, including: libel (protecting reputation), data protection (rights over the processing of personal data), breach of confidence […]
The Article 29 Data Protection Working Party recently issued guidelines on fines for the purposes of the General Data Protection Regulation (‘GDPR’). Article 83(1) of the GDPR states that supervisory authorities should identify corrective measures that are “effective, proportionate and dissuasive”. Article 83(2) is the starting point for assessing a case for the purpose of […]
The Article 29 Data Protection Working Party (‘A29WP’) recently issued guidelines on personal data breach reporting under the General Data Protection Regulation (‘GDPR’). The GDPR obliges data controllers to report personal data breaches to data protection authorities within 72 hours unless the breach is ‘unlikely to result in a risk to the rights and freedoms’ […]
