Meta verification subscription service signals end to data for free services

On 19 February 2023, Meta founder and CEO Mark Zuckerberg announced the launch of a paid subscription service, “Meta Verified”, which will allow Facebook and Instagram users to verify their accounts. Previously, verified badges were reserved for public figures or businesses, and were free of charge. But now users will be able to get a blue verification badge, by paying a fee of US$11.99-$14.99 a month.

Data breach claim transferred from High Court to County Court

This blog examines a recent case that highlights that the High Court is not necessarily suitable for low-value data breach claims. In Cleary v Marston (Holdings) Ltd [2021] EWHC 3809, the claimants issued their claim in the High Court on the basis that a specialist judge was required and that the very high legal costs would only be fully recoverable if the claim were handled by the High Court.  However, the judgment found that the straightforward nature of the case, including its factual matrix, meant that it was more appropriate for the County Court.

EU-US draft adequacy decision now published

Following the signature of a US Executive Order by President Biden on 7 October 2022 (the "Executive Order"), on 13 December 2022, the European Commission published a draft adequacy decision for the EU-U.S. Data Privacy Framework (the "Draft Adequacy Decision"). The Draft Adequacy Decision has now been transmitted to the European Data Protection Board ("EDPB") for its opinion.

Remediating SCCs deadlines: are you ready?

REMINDER - 27 December 2022 is the deadline for updating your old EU SCCs, as after that date they will no longer be valid as a safeguard for transfers of personal data under EU GDPR. If your live contracts contain the old SCCs, do get in touch about our remediation services – including our automated software tools – for assistance in remediating your transfer documentation, whether for the new EU SCCs or the post-Brexit UK GDPR transfers safeguards. Our timeline pullout (here) has the key international transfers deadlines for your calendar.

Stabilising transatlantic data flows: Examining the role of the new EU-US Data Privacy Framework

The Executive Order

On 7 October 2022, US President Joe Biden signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities (the "Executive Order"). The Executive Order is a key part of the EU-US Data Privacy Framework (the "Framework"), which is intended to replace the Privacy Shield safeguard for EU GDPR personal data exports to the United States of America. Alongside the Executive Order, the Attorney General signed Department of Justice Regulations (Attorney General Order No. 5517-2022) (the “Regulations”) which are designed to complement the Framework in stabilising trans-Atlantic transfers.

The fourth anniversary of the GDPR: what's happened and what's next

On the 25 May 2018, the General Data Protection Legislation ("GDPR") came into effect in the EU. Since then, the global data protection stage has seen many key developments. Four years on, the GDPR has become the new world standard for privacy and data protection, with as many as 20 countries around the world introducing new legislation that uses the GDPR as a model to shape their own data protection principles. On this anniversary, we look back at the key privacy milestones since 2018 and consider what the future of the GDPR looks like for UK businesses.


Data Reform Bill announced in Queen’s Speech

On 10 May 2022, it was announced in the Queen's Speech that the UK's data protection regime will be reformed through the introduction of the Data Reform Bill (the "Bill"). This follows the Government's consultation paper on reforms to the UK's data protection regime last September.

Facial recognition goes to war: How AI is being used in Ukraine

The Ukrainian government is reportedly using software developed by Clearview AI Inc. ("Clearview") to identify the bodies of Russian soldiers, killed in combat, to inform their family of their death.

Guidance issued by the EDPB on international transfers of personal data

On 18 November 2021, the European Data Protection Board (the "EDPB") adopted guidelines (the "Guidelines") on the interplay between Article 3 and Chapter V of the EU General Data Protection Regulation ("GDPR").  The objective of the Guidelines is to assist data controllers and data processors, especially those within the EU, with identifying an international transfer. The Guidelines are also intended to address uncertainties that have emerged following the European Commission's new standard contractual clauses, published in June 2021.