Life With GDPR: Cathay Pacific Enforcement Action
Life With GDPR: Episode 30- British Airways Data Breach Enforcement Action
E18: ICANN Loses First GDPR Court Ruling in Germany
The dramatic increase in global reach that the internet provides U.S.-based companies comes as a double edge sword. While it significantly increases a company’s potential customer pool, it also subjects companies to...more
The UK’s data protection regulator, the Information Commissioner’s Office (ICO), has recently announced investigations into three companies in connection with the use of children’s personal information. In a statement on...more
On 10 October 2023, the England and Wales Court of Appeal handed down its decision in Delo, R. (On the Application Of) v. The Information Commissioner1, in which it upheld an earlier High Court ruling that the UK’s data...more
Why should I read this? A new UK-US data bridge will be available to businesses in the UK looking to transfer personal data to organizations in the United States certified under the UK Extension to the EU-US Data Privacy...more
A challenging economic situation is prompting contentious staffing decisions. The rise of hybrid work has led employers to generate more information in more places about employees. Against this backdrop, more employees are...more
Within the past year, a number of countries around the world, including the United States, United Kingdom, France, and The Netherlands have initiated regulatory inquiries and developed new strategies for the purpose of more...more
The European Data Protection Board (EDPB) adopted a draft report of the work undertaken by the Cookie Banner Taskforce (the Report). The Report describes how regulators apply cookie legislation in handling certain types of...more
On 17 November 2022, the Information Commissioner's Office (“ICO”) announced that it has updated its guidance on international data transfers. In its announcement, the ICO outlined its intention to “clarify an alternative...more
Moving forward, businesses will need to use the updated Data Transfer Agreement or Data Transfer Addendum for any relationship or contract that contemplates the cross-border transfer of UK personal data. As of September...more
On 18 July 2022 the Data Protection and Digital Information Bill (the Bill) was introduced for discussion into parliament, in one of the UK's first drives towards data protection reform after Brexit....more
Two new United Kingdom (“UK”) data transfer mechanisms, the International Data Transfer Agreement (“IDTA”) and the International Data Transfer Addendum (“UK Addendum”) to the European Union’s (“EU”) new standard contractual...more
In February 2022, the United Kingdom (UK) Information Commissioner’s Office (“ICO”), along with the data protection authority (“DPA”) in the UK, published three new documents ("UK Documents") which update the UK's position on...more
On September 10, the U.K. government launched a consultation “Data: A New Direction” (Consultation), which proposes significant changes to the U.K.’s data protection framework. The U.K. government has signalled its...more
Since the General Data Protection Regulations ("GDPR") came into force in 2018, companies in the United Kingdom (UK) that have suffered cybersecurity attacks often face civil claims from individuals whose data has been...more
On 11 August, the UK Information Commissioner’s Office launched a consultation paper on “International transfers under UK GDPR”. The documents released alongside the paper include a draft International Data Transfer Agreement...more
On 28 June 2021, just two days before the interim EU-UK data transfer “bridging mechanism” expired under the Trade and Cooperation Agreement, the European Commission (EC) adopted two adequacy decisions for the UK to...more
With the end of the Brexit transition period rapidly approaching and the United Kingdom (UK) poised to become a “third country” after it leaves the European Union (EU), the UK and the EU have yet to reach any “deal” on how...more
Hot on the heels of the £20 million fine issued to British Airways, the Information Commissioner’s Office (“ICO“) has issued Marriott International Inc. (“Marriott“) with a long-awaited penalty notice for its failure to...more
Few will have been surprised that, when the ICO eventually published details of the BA and Marriott fines, the final penalties were very much lower than the £183+ million and £99+ million proposed in the original notices of...more
On 30 October 2020, the UK’s data privacy regulator, the Information Commissioner’s Office (ICO) issued a final penalty notice (Penalty Notice) to fine the hotel chain Marriott International, Inc. (Marriott) for a GDPR data...more
The UK Information Commissioner’s Office (ICO) has recently handed down two of the largest fines relating to a data breach in UK history. In August 2018, British Airways (BA) was subject to a cyberattack which breached the...more
What insights into cyber security norms can organisations glean from the UK ICO’s recent enforcement decisions, most of which have been released since the GDPR came into force? Final fines are still awaited on the UK’s...more
As the United Kingdom (UK) rapidly approaches a potential exit (BREXIT) from the European Union (EU), confusion abounds as to the applicability of the revolutionary data privacy rules of the EU’s General Data Protection...more
“Business as usual” for UK-EU data protection transition in 2020. On 29 January 2020, the EU Parliament approved the UK Withdrawal Agreement after the UK Parliament’s ratification via the EU Withdrawal Act 2020 on 23 January...more
Now that Exit Day on 31st January is drawing close attention is focussing on what will happen during the transition period that will run from 31St January until the end of the year. ...more