The UK Government has published its National AI Strategy. Click here to read more about what the National AI Strategy says about AI regulation, and its implications for data protection in the UK. In this detailed blog we examine three discrete issues addressed in it (AI regulation, data protection and intellectual property rights) and we … Continue reading
On 10 September 2021, the UK Government published its consultation paper on proposals to reform the UK’s data protection regime. The deadline for responding to the consultation is 19 November 2021. In August, the Government announced that it intended to “seize the opportunity” afforded by the UK’s exit from the European Union to makes some … Continue reading
On 26 August 2021, in a move that puts it on a potential collision course with the EU, the UK Government made a number of announcements relating to the future of the UK’s data protection regime, with the stated intention of “seizing the opportunity” by “developing a world leading data policy that will deliver a … Continue reading
An interim proprietary injunction has been granted by the English High Court over a bitcoin ransom payment paid to a third-party wallet.… Continue reading
On 12 April, the Information Commissioners Office (ICO) fined Bounty, a pregnancy and parent support club, £400,000 for illegally sharing personal data belonging to more than 14 million people. As the contravention took place just before the General Data Protection Regulation (GDPR) came into force, the fine was issued under the Data Protection Act 1998 … Continue reading
The Supreme Court has granted Morrisons to appeal against the judgment of the Court of Appeal in Morrison Supermarkets PLC v Various Claimants.… Continue reading
A judgment handed down today by the English High Court will be welcomed by UK data controllers. Lloyd v Google [2018] EWHC 2599 represents a corollary to recent case law expanding the circumstances in which litigation may be brought in relation to breaches of data protection legislation. Most notably, the case: reinforces the need for … Continue reading
The UK NIS Regulations (implementing the NIS Directive) come into force in the UK today (10 May 2018). These Regulations have received limited press attention, in part due to the emphasis that has been placed on GDPR implementation. However, the NIS Regulations represent a significant change in the legal environment relating to cybersecurity in the … Continue reading
The High Court in London has handed down a judgment establishing that, as a matter of English law, a company can be held vicariously liable in respect of data breaches caused by its employees.… Continue reading
On March 2, 2017, the UK Information Commissioner’s Office (ICO) published its draft General Data Protection Regulation (GDPR) consent guidance, and called for comments on the guidance. The consultation is open until March 31, 2017. The ICO will issue final guidance in May 2017. The guidance is detailed, and references the various GDPR Articles and … Continue reading
On June 30, 2016, Google withdrew its appeal from the UK Supreme Court in the landmark case of Google v. Vidal-Hall after the parties reached a settlement. In the ruling on appeal, the Court of Appeal had ruled that damages for emotional distress, without any pecuniary loss, may be awarded under the Data Protection Act … Continue reading
On Friday, June 24, the UK electorate voted through a referendum to leave the European Union by a 52% majority. The mechanics of leaving the European Union will be complex, given that the referendum question did not spell out what relationship the UK would have with the EU once it has left, and there is … Continue reading
In November of 2015, the English High Court in London approved a Group Litigation Order (“GLO”) allowing employees of one of the United Kingdom’s largest supermarket chains to join the pending action.… Continue reading
Today the UK data protection authority (the ICO) published a blog post and consolidated interim guidance on how to handle EU/US data transfers while the EU-US Privacy Shield is being scrutinised by the Article 29 Working Party.… Continue reading
While the Duke of Cambridge’s request for global media to respect the privacy of his son, Prince George, has started a debate over the extent to which individuals in the UK can rely on legal measures to prevent the publication of intrusive photographs, the position is somewhat clearer in the United Arab Emirates with specific … Continue reading
This is Part 3 of a five-part series on the “One Stop Shop” mechanism in the proposed new European data protection regulation. In Part 1 we examined why there is a need for a One Stop Shop, and what it is. In Part 2 we examined the concept of main establishment and the position of entities without … Continue reading
A recent English Court of Appeal judgment could significantly broaden the circumstances in which data protection litigation can be brought – and damages can be awarded – under English law. Background Vidal-Hall et al v Google ([2015] EWCA Civ 311) involves claims brought by three individual users against Google. The users alleged that Google collected private … Continue reading
A recent landmark ruling from the UK’s Investigatory Powers Tribunal has highlighted the growing importance the UK courts place on data privacy and transparency. It is the first occasion that the Investigatory Powers Tribunal has upheld part of a complaint against the intelligence agencies since it was set up in 2000. On February 6, 2015 … Continue reading