Tag archives: UK

The UK National AI Strategy: Regulation, Data Protection and IPR in the Mix

By Marcus Evans (UK), Michael Sinclair (UK) and Peter McBurney on September 30, 2021 Posted in General

The UK Government has published its National AI Strategy. Click here to read more about what the National AI Strategy says about AI regulation, and its implications for data protection in the UK. In this detailed blog we examine three discrete issues addressed in it (AI regulation, data protection and intellectual property rights) and we … Continue reading

UK Government sets out proposals to shake up UK data protection laws

By Marcus Evans (UK), Lara White (UK) and Sahar Bhaimia on September 28, 2021 Posted in Compliance and risk management, General

Data Protection Report - Norton Rose Fulbright

On 10 September 2021, the UK Government published its consultation paper on proposals to reform the UK’s data protection regime. The deadline for responding to the consultation is 19 November 2021. In August, the Government announced that it intended to “seize the opportunity” afforded by the UK’s exit from the European Union to makes some … Continue reading

The UK Government unveils its post-Brexit plans to shake up data protection laws

By Lara White (UK), Marcus Evans (UK) and Isabella Martinez-Sistac Orozco on August 27, 2021 Posted in General, Privacy law, Regulatory response

On 26 August 2021, in a move that puts it on a potential collision course with the EU, the UK Government made a number of announcements relating to the future of the UK’s data protection regime, with the stated intention of “seizing the opportunity” by “developing a world leading data policy that will deliver a … Continue reading

Interim proprietary injunction granted over bitcoin cyber extortion payment

By Ffion Flockhart (UK), Charlie Weston-Simons (UK), Steven Hadwin (UK) and Ally Corbridge (UK) on January 23, 2020 Posted in Cybercrime

Norton Rose Fulbright - Data Protection Report blog

An interim proprietary injunction has been granted by the English High Court over a bitcoin ransom payment paid to a third-party wallet.… Continue reading

Bank of England cyber resilience exercise

By Ffion Flockhart (UK), Steven Hadwin (UK) and Marcus Harewood (UK) on October 3, 2019 Posted in Cybersecurity

BoE publish high level findings of the financial sector (“sector”) cyber simulation exercise.… Continue reading

Parenting support club Bounty fined in ‘unprecedented’ data breach

By Lara White (UK) on April 18, 2019 Posted in Enforcement

On 12 April, the Information Commissioners Office (ICO) fined Bounty, a pregnancy and parent support club, £400,000 for illegally sharing personal data belonging to more than 14 million people. As the contravention took place just before the General Data Protection Regulation (GDPR) came into force, the fine was issued under the Data Protection Act 1998 … Continue reading

UK Supreme Court grant Morrisons permission to appeal vicarious liability finding

By Ffion Flockhart (UK), Marcus Evans (UK), Lara White (UK) and Steven Hadwin (UK) on April 17, 2019 Posted in Data breach

The Supreme Court has granted Morrisons to appeal against the judgment of the Court of Appeal in Morrison Supermarkets PLC v Various Claimants.… Continue reading

Lloyd v Google – putting the brakes on English data breach litigation?

By Steven Hadwin (UK), Ffion Flockhart (UK), Jonathan Ball (UK), Marcus Evans (UK), Charlie Weston-Simons (UK) and Rahul Mansigani (UK) on October 8, 2018 Posted in Data breach, Dispute resolution and litigation

A judgment handed down today by the English High Court will be welcomed by UK data controllers. Lloyd v Google [2018] EWHC 2599 represents a corollary to recent case law expanding the circumstances in which litigation may be brought in relation to breaches of data protection legislation. Most notably, the case: reinforces the need for … Continue reading

UK NIS Regulations impose new cybersecurity obligations (and a new penalties regime) on operators of essential services and digital service providers in the UK

By Steven Hadwin (UK) on May 10, 2018 Posted in Compliance and risk management, Regulatory response

The UK NIS Regulations (implementing the NIS Directive) come into force in the UK today (10 May 2018). These Regulations have received limited press attention, in part due to the emphasis that has been placed on GDPR implementation. However, the NIS Regulations represent a significant change in the legal environment relating to cybersecurity in the … Continue reading

Vicarious liability in UK data breach-related litigation – is Morrisons a game-changer?

By Steven Hadwin (UK), Jonathan Ball (UK), Ffion Flockhart (UK), Marcus Evans (UK) and Ralph Wilkinson (UK) on December 4, 2017 Posted in Data breach, Dispute resolution and litigation

The High Court in London has handed down a judgment establishing that, as a matter of English law, a company can be held vicariously liable in respect of data breaches caused by its employees.… Continue reading

UK Information Commissioner Publishes Draft GDPR Consent Guidance

By Marcus Evans (UK) on March 15, 2017 Posted in Compliance and risk management, Regulatory response

On March 2, 2017, the UK Information Commissioner’s Office (ICO) published its draft General Data Protection Regulation (GDPR) consent guidance, and called for comments on the guidance. The consultation is open until March 31, 2017. The ICO will issue final guidance in May 2017. The guidance is detailed, and references the various GDPR Articles and … Continue reading

Damages for Emotional Distress for Privacy Claims to Stay in the UK

By Marcus Evans (UK) and Ffion Flockhart (UK) on August 8, 2016 Posted in Compliance and risk management, Dispute resolution and litigation

On June 30, 2016, Google withdrew its appeal from the UK Supreme Court in the landmark case of Google v. Vidal-Hall after the parties reached a settlement. In the ruling on appeal, the Court of Appeal had ruled that damages for emotional distress, without any pecuniary loss, may be awarded under the Data Protection Act … Continue reading

Brexit: The Continued Application of the GDPR

By Marcus Evans (UK) on June 29, 2016 Posted in Compliance and risk management, Regulatory response

On Friday, June 24, the UK electorate voted through a referendum to leave the European Union by a 52% majority. The mechanics of leaving the European Union will be complex, given that the referendum question did not spell out what relationship the UK would have with the EU once it has left, and there is … Continue reading

British supermarket chain faces group litigation action in the UK based on data breach

By Jonathan Ball (UK) on March 7, 2016 Posted in Data breach

In November of 2015, the English High Court in London approved a Group Litigation Order (“GLO”) allowing employees of one of the United Kingdom’s largest supermarket chains to join the pending action.… Continue reading

EU-US Privacy Shield – UK ICO updates its interim position on transfers to the US

By Marcus Evans (UK) on February 12, 2016 Posted in Regulatory response

Today the UK data protection authority (the ICO) published a blog post and consolidated interim guidance on how to handle EU/US data transfers while the EU-US Privacy Shield is being scrutinised by the Article 29 Working Party.… Continue reading

UAE copyright law protects privacy of photography subjects

By on August 24, 2015 Posted in Compliance and risk management

While the Duke of Cambridge’s request for global media to respect the privacy of his son, Prince George, has started a debate over the extent to which individuals in the UK can rely on legal measures to prevent the publication of intrusive photographs, the position is somewhat clearer in the United Arab Emirates with specific … Continue reading

EU focuses on authority of SAs to enforce “One Stop Shop,” proposes a replacement for WP29

By Marcus Evans (UK) on April 16, 2015 Posted in Regulatory response

This is Part 3 of a five-part series on the “One Stop Shop” mechanism in the proposed new European data protection regulation. In Part 1 we examined why there is a need for a One Stop Shop, and what it is. In Part 2 we examined the concept of main establishment and the position of entities without … Continue reading

UK Court of Appeal Establishes Data Protection Rights in Privacy Case

By Jane Berry (UK), Ffion Flockhart (UK) and Marcus Evans (UK) on April 9, 2015 Posted in Dispute resolution and litigation

A recent English Court of Appeal judgment could significantly broaden the circumstances in which data protection litigation can be brought – and damages can be awarded – under English law. Background Vidal-Hall et al v Google ([2015] EWCA Civ 311) involves claims brought by three individual users against Google. The users alleged that Google collected private … Continue reading

Importance of data privacy and transparency in the UK highlighed by Investigatory Powers Tribunal decision

By Marcus Evans (UK) on February 17, 2015 Posted in General

A recent landmark ruling from the UK’s Investigatory Powers Tribunal has highlighted the growing importance the UK courts place on data privacy and transparency. It is the first occasion that the Investigatory Powers Tribunal has upheld part of a complaint against the intelligence agencies since it was set up in 2000. On February 6, 2015 … Continue reading