Last year’s European Court of Justice (ECJ) judgement in Data Protection Commissioner v Facebook Ireland LTD, Maximillian Schrems, C-311/18 (Schrems II) continues to have ramifications for cross border data transfers. The...more
In a significant decision, the Supreme Court unanimously held that Morrisons, the U.K. supermarket chain, was not vicariously liable for an employee’s significant data breach, reversing the Court of Appeal’s previous...more
The General Data Protection Regulation (GDPR) provides that personal data may only be transferred to a country outside the European Economic Area (EEA) if that country ensures an adequate level of protection for personal...more
1/7/2020
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
EU ,
EU Data Protection Laws ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Standard Contractual Clauses
On 8 July 2019, the U.K. Information Commissioner’s Office (ICO) issued a Notice of Intent to fine British Airways (BA) £183.39 million (approximately $232 million). While the Notice of Intent, as the name suggests, is not a...more
It only took hours for the first-ever GDPR complaint to be filed on 25 May 2018, with Google in the firing line. The investigation into the complaint concluded on 21 January 2019, and a decision was rendered: Google would be...more
The General Data Protection Regulation (GDPR) significantly expanded the territorial scope of EU data protection law. This was intended to ensure comprehensive protection for EU data subjects’ rights and establish a level...more
In May 2017, ransomware known as WannaCry affected computers in organizations around the world, encrypting data and demanding “ransoms” of between $300 and $600, payable in Bitcoin. WannaCry spread through organizations’...more