The bill would largely build on the UK data protection regime’s EU GDPR-style framework, albeit with UK-specific provisions. By James Lloyd, Fiona M. Maclean, Calum Docherty, Irina Vasile, Alex Ford-Cox, and Amy Smyth The UK government introduced the Data Protection and Digital Information Bill (the Bill) to Parliament on 18 July 2022, following the publication … Continue Reading
Areas of interest include anonymisation, “recognised legitimate interests”, and the ICO’s role. By James Lloyd, Fiona M. Maclean, Calum Docherty, Irina Vasile, Alex Ford-Cox, and Amy Smyth The UK Data Protection and Digital Information Bill (the Bill) sets out the government’s proposals for reforming the current UK data protection regime (consisting primarily of the UK … Continue Reading
The Act represents an accelerating trend among US states to attempt to pass comprehensive privacy legislation in the wake of the CCPA. By Jennifer C. Archie, Michael H. Rubin, Marissa R. Boynton, and Alexander L. Stout On March 2, 2021, Virginia Governor Ralph Northam signed comprehensive state privacy legislation titled the Consumer Data Protection Act … Continue Reading
Amendments to the PDPA significantly change Singapore’s data protection landscape, including mandatory data breach notification and criminal offences for mishandling of personal data. By Farhana Sharmeen, Esther Franks, and Gen Huong Tan On 1 February 2021, certain sections of the Personal Data Protection (Amendment) Act 2020 (the Act) took effect, implementing the following changes to … Continue Reading
As the Brexit transition period draws to a close, businesses will need to consider their data protection efforts to comply with both UK and EU regimes. By Gail Crawford, Fiona Maclean, and Amy Smyth The end of the Brexit transition period on 31 December 2020 will have several data protection consequences. The impact of one … Continue Reading
The European Commission has published draft updated standard contractual clauses in light of the Schrems II decision. By Gail Crawford, Ian Felstead, Fiona Maclean, Serrin Turner, Tim Wybitul, Victoria Wan, and Amy Smyth On 12 November 2020, the European Commission (the Commission) published a draft implementing decision, annexing a draft set of updated standard contractual … Continue Reading
The EDPB takes a strict approach in its recent guidance on international data transfers following Schrems II, posing a difficult challenge for businesses. By Gail Crawford, Ian Felstead, Fiona Maclean, Serrin Turner, Tim Wybitul, Victoria Wan and Amy Smyth On 10 November, the European Data Protection Board (EDPB) released its much anticipated draft guidance on … Continue Reading
The CNIL has imposed a €250,000 fine on an online retailer for GDPR infringements in cooperation with other EU supervisory authorities. By Myria Saarinen and Charlotte Guerin Founded in 2006 and headquartered in France, Spartoo SAS (Spartoo) is one of the leaders of the European online shoe retail market. On 31 May 2018, a week … Continue Reading
A ruling by the EU’s top court invalidates the key mechanism for transferring personal data from the EU to the US and imposes additional conditions for use of the standard contractual clauses. By Gail E. Crawford, Fiona M. Maclean, Michael H. Rubin, Ulrich Wuermeling, Calum Docherty, and Amy Smyth On 16 July 2020, the Court of … Continue Reading
Hong Kong regulator declares that the disclosure of personal data of potential COVID-19 carriers is permissible under law. By Kieran Donovan COVID-19 is having a profound impact not only on the way the world interacts socially, but also in the way it interacts in business. Businesses are choosing to protect the health and well-being of … Continue Reading
Research participants must identify which data sets constitute personal data to ensure compliance with the GDPR. By Frances Stocks Allen and Mihail Krepchev The UK Medical Research Council (MRC) has published a useful guidance note on the identifiability, anonymisation, and pseudonymisation of personal data in the context of research activities (the Guidance). The Guidance reminds … Continue Reading
UK data protection regulator demands companies in the RTB ecosystem re-evaluate privacy notices, use of personal data, and lawful basis. By Robert Blamires, Calum Docherty, Laura Holden, and Lucy Tucker The UK Information Commissioner’s Office’s (ICO’s) latest report into adtech and real time bidding (RTB) (the ICO Report) provides a stark assessment of the adtech … Continue Reading
Sponsors outside the European Union conducting clinical trials in the EU should consider current guidelines and the Breyer case to understand whether GDPR requirements will apply to them. By Gail Crawford and Frances Stocks Allen Many sponsors of clinical trials believe that companies based outside the EU who sponsor clinical trials conducted in the EU … Continue Reading
