Free tools and resources for Data Protection Officers!

Tag Archives for " UK "

A #MeToo Story in Britain Prompts Debate Over Privacy Laws

A debate over press freedom, the right to privacy and the validity of nondisclosure agreements has erupted in Britain in recent days after a court upheld an injunction barring The Daily Telegraph from publishing accusations of misconduct against a British businessman, Sir Philip Green.

Full article: A #MeToo Story in Britain Prompts Debate Over Privacy Laws – The New York Times

UK Court of Appeal reverses High Court decision on data subject access requests

In June 2018, in B v General Medical Council [2018] EWCA Civ 1497, a majority of the Court of Appeal reversed the earlier decision of the English High Court and permitted General Medical Council, as data controller, to disclose an expert medical report to a patient pursuant to a data subject access request.

Full article: UK Court of Appeal reverses High Court decision on data subject access requests

How real is the threat of data protection group litigation in the UK?

In the run up to the implementation of the EU General Data Protection Regulation 2016/679, there were various dystopian predictions of huge fines and the rise of US style class action. Some of these claims have rightly been criticised as sales patter and scaremongering.

Two recent cases in the English courts help to some extent to clarify the evolving risk of group litigation for data protection, albeit that these are early skirmishes and there will undoubtedly be more litigation to follow.

Source: UK: How real is the threat of data protection group litigation in the UK?

Neighbors Take Tate Modern to Court Over Privacy

The 10-floor viewing terrace of the Tate Modern art gallery in London has a 360-degree view of the city, including some of its most famous landmarks, but also into the private lives of residents of luxury apartments in a neighboring building.

The owners of four apartments in the building sued gallery in 2017 claiming a “relentless” invasion of privacy. They are seeking an injunction that would require the gallery either to restrict access to parts of the terrace adjacent to their homes or to erect a screen. On Friday, a court began hearing their case.

Source: You Can See What? Neighbors Take Tate Modern to Court Over Privacy – The New York Times

What does the newly signed ‘Convention 108+’ mean for UK adequacy?

The Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108) has been given an overhaul to bring it into line with the General Data Protection Regulation. While Convention 108 is not an EU document, the European Commission sees the protocol as a way of encouraging “third countries” to adopt the basic tenets of the GDPR. This could be particularly interesting for the U.K., which will become a third country after Brexit.

Full article: What does the newly signed ‘Convention 108+’ mean for UK adequacy?

Sensitive personal data in HR functions: climbing the ladder of legal bases

The GDPR’s entry into force has forced HR teams across the US and EU to re-evaluate the ways in which they justify the use of personal data relating to their employees, applicants and contractors.

Whilst compliance priorities will vary between businesses, all US headquartered organizations with a presence or personnel in the UK should be particularly mindful of their enhanced obligations to satisfy multiple conditions under both the GDPR and the UK’s new Data Protection Act 2018 (“DPA 2018“) before collecting certain special categories of personal data.

Full article: Sensitive personal data in HR functions: climbing the ladder of legal bases

Average fine in UK for data breaches doubles to £146,000 in just a year

The average value of fines issued by the UK’s data protection authority doubled over the last year to reach £146,000. The total value of penalties imposed by the Information Commissioner’s Office (ICO) rose to just under £5 million in the 12 months to the 30th of September 2018, up 24% from £4 million the year before.

Source: Average fine for data breaches doubles to £146,000 in just a year

Processing data in a post-Brexit world

The physical movement of goods and people across EU borders post-March 2019 is quite rightfully attracting much attention. Whilst these concerns are undoubtedly valid (British consumers are likely to face raised prices on imported goods and long queues at the borders, whilst exporters can expect tariff increases and more stringent customs controls leading to delays), in a world where data is coin of the realm, it seems prudent to consider Brexit’s impact on the digital economy.

Full article: Processing data in a post-Brexit world

Vicarious liability in the data breach context – bad news for UK employers?

The Court of Appeal has upheld a decision of the High Court holding that an employer can be vicariously liable for data breaches caused by the actions of an employee, even where the employee’s actions were specifically intended to harm the employer.

Full article: Vicarious liability in the data breach context – bad news for UK employers?

>