Blog
Data breach claim transferred from High Court to County Court
This blog examines a recent case that highlights that the High Court is not necessarily suitable for low-value data breach claims. In Cleary v Marston (Holdings) Ltd [2021] EWHC 3809, the claimants issued their claim in the High Court on the basis that a specialist judge was required and that the very high legal costs would only be fully recoverable if the claim were handled by the High Court. However, the judgment found that the straightforward nature of the case, including its factual matrix, meant that it was more appropriate for the County Court.
EU-US draft adequacy decision now published
Following the signature of a US Executive Order by President Biden on 7 October 2022 (the "Executive Order"), on 13 December 2022, the European Commission published a draft adequacy decision for the EU-U.S. Data Privacy Framework (the "Draft Adequacy Decision"). The Draft Adequacy Decision has now been transmitted to the European Data Protection Board ("EDPB") for its opinion.
Remediating SCCs deadlines: are you ready?
REMINDER - 27 December 2022 is the deadline for updating your old EU SCCs, as after that date they will no longer be valid as a safeguard for transfers of personal data under EU GDPR. If your live contracts contain the old SCCs, do get in touch about our remediation services – including our automated software tools – for assistance in remediating your transfer documentation, whether for the new EU SCCs or the post-Brexit UK GDPR transfers safeguards. Our timeline pullout (here) has the key international transfers deadlines for your calendar.
Stabilising transatlantic data flows: Examining the role of the new EU-US Data Privacy Framework
The Executive Order
On 7 October 2022, US President Joe Biden signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities (the "Executive Order"). The Executive Order is a key part of the EU-US Data Privacy Framework (the "Framework"), which is intended to replace the Privacy Shield safeguard for EU GDPR personal data exports to the United States of America. Alongside the Executive Order, the Attorney General signed Department of Justice Regulations (Attorney General Order No. 5517-2022) (the “Regulations”) which are designed to complement the Framework in stabilising trans-Atlantic transfers.
The fourth anniversary of the GDPR: what's happened and what's next
On the 25 May 2018, the General Data Protection Legislation ("GDPR") came into effect in the EU. Since then, the global data protection stage has seen many key developments. Four years on, the GDPR has become the new world standard for privacy and data protection, with as many as 20 countries around the world introducing new legislation that uses the GDPR as a model to shape their own data protection principles. On this anniversary, we look back at the key privacy milestones since 2018 and consider what the future of the GDPR looks like for UK businesses.
Data Reform Bill announced in Queen’s Speech
On 10 May 2022, it was announced in the Queen's Speech that the UK's data protection regime will be reformed through the introduction of the Data Reform Bill (the "Bill"). This follows the Government's consultation paper on reforms to the UK's data protection regime last September.
Facial recognition goes to war: How AI is being used in Ukraine
The Ukrainian government is reportedly using software developed by Clearview AI Inc. ("Clearview") to identify the bodies of Russian soldiers, killed in combat, to inform their family of their death.
Guidance issued by the EDPB on international transfers of personal data
On 18 November 2021, the European Data Protection Board (the "EDPB") adopted guidelines (the "Guidelines") on the interplay between Article 3 and Chapter V of the EU General Data Protection Regulation ("GDPR"). The objective of the Guidelines is to assist data controllers and data processors, especially those within the EU, with identifying an international transfer. The Guidelines are also intended to address uncertainties that have emerged following the European Commission's new standard contractual clauses, published in June 2021.
Uber accused of using discriminatory facial verification software
An employment tribunal claim has been filed against Uber by one of its drivers over its use of allegedly racially discriminatory facial-verification software.