Tag: Data Protection
Landmark Decision Handed Down on ICO’s Responsibilities in Handling Subject Access Requests
On 10 October 2023, the England and Wales Court of Appeal handed down its decision in Delo, R. (On the Application Of) v. The Information Commissioner, in which it upheld an earlier High Court ruling that the UK’s data protection regulator, the Information Commissioner’s Office (ICO), is not obliged to […]
New UK Guidance on Workplace Monitoring
On 3 October 2023, the UK’s Information Commissioner’s Office (ICO) published new guidance on workplace monitoring. The previous guidance was issued in 2011, as part of the ICO’s Employment Practices Code, and was badly in need of updating, given both the development of new monitoring technologies over the last 12 […]
United Kingdom: Injunctive Relief Against Persons Unknown – The Ransomware Edition
On 11 July 2023, the English High Court handed down its decision on the claimant’s application in Armstrong Watson LLP v. Persons Unknown, granting judgment in default and final injunctive relief. Specifically, the court granted the claimant permanent injunctive relief against persons unknown – a group of unidentified hackers – […]
Breached the GDPR? Calculate your own fine!
The General Data Protection Regulation (GDPR) is a difficult piece of legislation to comply with, and not meeting some of its requirements may lead to hefty fines of up to 4% of global annual revenues of the preceding year or 20 million euros, whichever is highest. Organisations may find it […]
Irish Circuit Court Awards Damages for ‘Non-Material’ Harm Under GDPR
On 11 July 2023, the Circuit Court of Ireland awarded 2,000 euros in compensation to a plaintiff seeking ‘non-material damage’ under Article 82 of the General Data Protection Regulation, in what is believed to be the first case in the European Union to follow the recent Court of Justice of […]
One Step Closer to a European Law Regulating Artificial Intelligence
On 14 June 2023, the European Parliament adopted its negotiating position on the Artificial Intelligence (AI) Act. The European Parliament’s vote on the AI Act proposal marks a significant milestone toward the regulation of AI within the European Union, as it sets the baseline for inter-institutional negotiations, as further discussed […]
CJEU Clarifies Whether Data Protection Officers Can Perform Other Roles or Be Dismissed
On February 9, 2023, the Court of Justice of the European Union ruled in two decisions (C-453/21 and C-560/21) that a data protection officer (DPO) may have other duties within their role if there is not a conflict of interest. The CJEU also found that national provisions that allow for the […]
Cooley Privacy Talks: Key Things to Know About Data Protection Laws in China
This post relates to Cooley’s Privacy Talks series – a webinar program featuring Cooley practitioners discussing practical guidance and best practices around managing data protection-related issues. Sessions range from the European General Data Protection Regulation (GDPR) to the California Consumer Privacy Act (CCPA) – and all the other new data […]
Data Disputes: How UK Class Action Landscape Is Shaping Up
Introduction The number of class actions brought in the UK is likely to grow considerably in the coming years. In particular, we expect claimant firms to continue making claims for misuse use of data where an issue affects a large number of individuals. This post: Introduces group and representative actions […]
Europe Takes Position on Sending Personal Data to Russia
On 12 July 2022, the European Data Protection Board (EDPB) adopted Statement 02/2022 on Personal Data Transfers to the Russian Federation, in which it confirmed that data transfers to Russia require a data transfer impact assessment (DTIA). A DTIA is a case-by-case evaluation that determines whether a specific data transfer […]