The UK Government has added two new duties to the proposed Online Safety Bill (the Bill) that are aimed at protecting people against anonymous online abuse. These measures would give users of “main social media firms” more control over who can interact with them and the type of content users see (see the Government’s press … Continue reading
In SMO (A Child) v Tiktok Inc. & Ors [2022] EWHC 489, the High Court considered an alternative basis for bringing a representative claim for loss of control under the GDPR and the Data Protection Act 2018 (DPA 2018) following the Supreme Court’s decision in Lloyd v Google. This case is a pre-Lloyd decision representative … Continue reading
On 23 February 2022 the EU Commission published its long-awaited Data Act, the last major building block of the Commission’s February 2020 Data Strategy. The Data Act: Is an ambitious piece of legislation with implications for consumers and businesses across the economy, not limited to the technology sector. Aims to facilitate access to data by … Continue reading
For many years, the immersive three-dimensional digital world has been left to the cinematic experience. However, the emergence of the metaverse presents an opportunity to translate everyday activities – working, attending a concert, travelling, shopping, socializing – into a parallel digital universe. The metaverse is an abstract concept that uses a digital environment to permeate … Continue reading
With the growth of the high-tech industry worldwide, it is no surprise that more and more transactions involve the transfer of rights to access or control data and derivative data. In our previous update we discussed protecting business data in a commercial context. In the M&A context, this valuable information is either the driving force of … Continue reading
Introduction Significant changes to the law with respect to security of critical infrastructure in Australia, including enhanced cybersecurity incident reporting requirements and the inclusion of further asset classes have been passed. On 22 November 2021, the Security Legislation Amendment (Critical Infrastructure) Bill 2021 (Bill) passed both houses of the federal parliament of Australia and will … Continue reading
The Cyberspace Administration of China (CAC) released the draft Security Review Measures for Cross-Border Data Transfer (the Draft Security Review Measures) for public comments on 29 October 2021 – shortly before the effective date of the Personal Information Protection Law (PIPL), 1 November 2021. The three pillars of China’s cyber security and data legislation – … Continue reading
On 10 November 2021, the UK Supreme Court handed down the much anticipated judgment in Lloyd v Google LLC [2021] UKSC 50, unanimously allowing Google’s appeal and reversing the decision of the Court of Appeal. In summary, the Supreme Court ruled that damages for “loss of control” are not available for breach of the Data … Continue reading
The Singapore High Court and the Hong Kong District Court have both considered the right to compensation for injury to feelings in two recent cases involving misuse of personal data but arrived at different conclusions. Singapore: In Bellingham, Alex v. Reed, Michael, Mr. Bellingham obtained the email addresses of his former employers’ customers without their … Continue reading
In our previous publication, we discussed how a business’ data can be protected by characterizing it as intellectual property and protecting it as such. One of the most common ways to protect business data in a commercial context is through license agreements that impose contractual controls on the scope of protection of such data, as … Continue reading
On September 28, 2021, the US Senate Homeland Security and Governmental Affairs Committee released a draft bill that would, among other things, require nearly all entities that make a ransom payment as the result of a ransomware attack against the entity to report the payment to the Director of the Cybersecurity and Infrastructure Security Agency … Continue reading
The UK Government has published its National AI Strategy. Click here to read more about what the National AI Strategy says about AI regulation, and its implications for data protection in the UK. In this detailed blog we examine three discrete issues addressed in it (AI regulation, data protection and intellectual property rights) and we … Continue reading
On 10 September 2021, the UK Government published its consultation paper on proposals to reform the UK’s data protection regime. The deadline for responding to the consultation is 19 November 2021. In August, the Government announced that it intended to “seize the opportunity” afforded by the UK’s exit from the European Union to makes some … Continue reading
How do you balance sharing and protecting your business’ data? Unlike tangible assets, which can be protected primarily through physical means, intangible assets such as data require additional considerations. One key strategy to protect your business’ data is to characterize, and protect, that data as intellectual property. Data as IP Copyright Original compilations of data … Continue reading
On 26 August 2021, in a move that puts it on a potential collision course with the EU, the UK Government made a number of announcements relating to the future of the UK’s data protection regime, with the stated intention of “seizing the opportunity” by “developing a world leading data policy that will deliver a … Continue reading
Given global trends in the development of privacy laws and enforcement, Canada and several provinces are looking at modernizing their respective privacy regimes. Ontario’s new proposed privacy law, which would govern commercial activities more broadly than current legislation (i.e., our federal legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA), and Ontario’s health privacy … Continue reading
China’s much anticipated Personal Information Protection Law (PIPL) is very likely to pass this month after the conclusion of the 30th meeting of the Standing Committee of the National People’s Congress, which is to be held in Beijing on 17-20 August. This follows the enactment earlier this year of the Data Security Law (DSL), which … Continue reading
Germany’s highest civil court, the Federal Court Of Justice (Bundesgerichtshof, the FCJ), has just published a decision specifying the scope of data subject access requests (DSARs). The FCJ held that Article 15 of the EU General Data Protection Regulation (GDPR) has a broader scope than previously understood in Germany. Pursuant to the court’s decision, Article 15 … Continue reading
The Personal Data (Privacy) (Amendment) Bill 2021 (the Bill) was gazetted today, 16 July 2021. The Bill aims to combat doxxing acts through (i) criminalisation of doxxing acts; (ii) empowering the Privacy Commissioner for Personal Data to conduct criminal investigation and institute prosecution for doxxing cases; and (iii) conferring on the Commissioner statutory powers to … Continue reading
Yesterday, the European Data Protection Board (EDPB) published its opinion on the European Commission’s draft Decision that the UK ensures an adequate level of protection for personal data (the Opinion). The Opinion was adopted by the EDPB on 13 April 2021, a couple of days before the Opinion’s official publication on 15 April 2021. The … Continue reading
Following nine months of assessment of the UK’s data protection laws (including the rules on access to data by public authorities), the European Commission has today published its draft decision on the adequate protection of personal data by the United Kingdom. The draft decision can be found here. The draft decision is welcome news to … Continue reading
Eureka! After burning the midnight oil, we’ve built an automated scanner to identify and sort the Schrems II risk of data flows for further legal handling. The scanner uses more than 20 different data points derived from network metadata to scan and classify data flows based on mass surveillance risk under the NSA’s so-called “Upstream” … Continue reading
Algorithmic decision-making has been in the news of late. From Ofqual’s downgrading of students’ A-level results[1] to the complaint lodged by None of Your Business’ against the credit rating agency CRIF for failing (amongst other things) to be transparent about the reasons why a particular applicant had been given a negative rating[2]. We have been … Continue reading
On 11 August 2020, the Court of Appeal (CA) handed down its judgement in the case of R (on the application of Edward BRIDGES) v The Chief Constable of South Wales Police. The court found that the use of automated facial recognition technology (AFT) by South Wales Police (SWP) was unlawful and did not comply … Continue reading