Data protection

Reforming data protection

Following a consultation on reforming the UK’s data protection laws – partly designed to “provide an opportunity for the UK to reshape its approach to regulation” post-Brexit – the government has published the Data Protection and Digital Information Bill (previously dubbed the “Data Reform Bill”). The forthcoming legislation follows several years of upheaval to the […]

Alex Heshmaty

Smart doorbells: data protection concerns

As more and more everyday products are produced with internet connectivity – whether it actually improves functionality or is more of a gimmick – there are increased concerns regarding cybersecurity and data protection. The Internet of Things (IoT) refers to both these WiFi-enabled goods and the wider concept of having everything connected to the internet […]

Alex Heshmaty

GDPR fines: implications of the WhatsApp decision

The Irish Data Protection Commission (DPC) recently issued its largest ever fine in respect of a breach of the General Data Protection Regulation (GDPR) by WhatsApp. Following an extensive investigation, it concluded that the messaging service, owned by Facebook, had failed to meet the transparency requirements under articles 12–14 of the GDPR. The DPC had […]

Alex Heshmaty

Key data protection challenges for 2021

Data globalisation after Schrems II Browsing the web. Using apps. Communicating electronically. Shopping online. Working from home. Life as we know it relies on data flowing across geographical borders throughout the world. However, international data transfers have never been more scrutinised. Following the ruling by the Court of Justice of the European Union (CJEU) in […]

Eduardo Ustaran

Information Rights: A Practitioner’s Guide to Data Protection, Freedom of Information and other Information Rights

Retaining the position it has held since first publication, the fifth edition of this leading practitioner text on information law has been thoroughly re-worked to provide comprehensive coverage of the Data Protection Act 2018 and the GDPR. Information Rights has been cited by the Supreme Court, Court of Appeal and others, and is used by […]

Admin

Max Schrems: the return

In the wake of growing data protection concerns around the turn of the century, a framework dubbed “Safe Harbor” was agreed between the EU and the US in 2000, which essentially permitted transatlantic free-flow of personal data. Towards the end of 2015, as a result of one of several legal challenges brought by prolific Austrian […]

Alex Heshmaty

First GDPR level fines in the UK

One of the key changes brought about by the General Data Protection Regulation (GDPR), which came into force on 25 May 2018, was a substantial increase in the maximum fines available for data protection breaches, to the higher of €20 million or 4% of global annual turnover. Any breaches which occurred prior to this date […]

Alex Heshmaty

GDPR – the dust is settling

The panic has receded. The frantic drafting has slowed down. The GDPR – widely regarded as the most ambitious data protection legal framework ever created – is in place and life goes on. As the dust left by the dramatic coming into effect of the GDPR settles, we are beginning to see what the GDPR […]

Eduardo Ustaran

Re-consenting to marketing under GDPR?

One of the questions we’ve most commonly been asked in recent months is “does the GDPR mean we have to get fresh consents from our entire marketing database?” In many (indeed, perhaps most) cases, the answer is “no” – though the explanation for this is not all that straightforward, and so the confusion here is […]

Phil Lee

Thinking strategically about Brexit and data protection

To date, the main legacy of the Brexit referendum of 2016 appears to be a country split in half: some badly wish the UK would continue to be a member of the EU and some are equally keen on making a move. Yet, there seems to be at least one thing on which Remainers and […]

Eduardo Ustaran

A GDPR impact assessment for websites

The General Data Protection Regulation (GDPR) comes into effect in 25 May 2018. It replaces the Data Protection Directive (implemented in the UK as the Data Protection Act 1998). This document addresses GDPR with the narrow focus of websites. For a broader discussion on the impact of GDPR on law firms, you might like to […]

Andrew Gray

GDPR – beyond the panic

“So, have I missed the boat to get ready for the GDPR?” “Will I get fined for not being fully up to speed?” “What is the worst thing that can happen if I am not complying by May 2018?” These are some of the most frequently asked questions currently accompanying the efforts (or lack of […]