Author

Harry Small

Browsing

On Christmas Eve the UK and the EU concluded a Trade and Cooperation Agreement in principle.We’ve set out the key points from a data protection perspective below.The key take away is that transfers of personal data from the EEA to the UK can continue without safeguards for a period of up to six months from the end of the transition period while the European Commission considers whether to adopt an adequacy decision in respect of the…

Avid readers of this blog will know that shortly before the new year holidays advocate general Hendrik Saugmandsgaard Øe (a.g.) gave his opinion on how European Court of Justice (CJEU) should deal with the second Schrems case (Schrems II) on international data transfers. You’ll find the summary we wrote at the time here. This is the first in a series of blogs, on different impacts the opinion might have particularly on the available data transfer…

The European Union’s highest court, the Court of Justice of the European Union (CJEU), is evaluating the legitimacy of the EU standard contractual clauses (SCC). SCCs have been the bedrock of cross-border personal data transfers outside the EU for many years. Today, the advocate general (a.g.) has rendered an opinion on the Schrems II case. By way of brief background, Schrems II is a case before the Court of Justice of the European Union (CJEU)…

On 3 July 2019 the ICO published its new Guidance on the use of cookies and similar technologies (Guidance) which replaces the previous guidance on cookies (last updated in May 2012) and complements the ICO’s guidance on cookies in its Guide to PECR .Why has the ICO published new guidance now?Currently, the use of cookies is subject to two overlapping regimes: the Privacy and Electronic Communications Regulations (PECR), which implement the e-Privacy Directive in the…

On 20th June 2019 the Information Commissioner’s Office (ICO) published its “Update report into adtech and real time bidding” setting out the ICO’s findings and views on data protection practices in the adtech industry. This follows a review by the ICO of the adtech industry including engagement with industry stakeholders. The review focused specifically on real time bidding (RTB) as, according to the ICO, this type of online behavioural advertising appears particularly challenging from a…

Please click here to read Part I of this article. Future GDPR regulatory landscape Higher risk of enforcement on the horizon? In the GDPR’s first year we have seen a large number of complaints and data breach notifications to regulators but comparatively few enforcement actions and fines. There are likely several reasons why enforcement activity has been relatively slow so far. First, a number of DPAs will have faced challenges in preparing for GDPR themselves;…

The GDPR celebrated its first anniversary on 25 May 2019 – a good time to take stock. In this article, we look at how the GDPR has been enforced so far, what the regulators’ future direction of travel might be, and the key areas organisations will need to focus on in the coming months. EU enforcement trends The local data protection authorities (DPAs) are facing a heavy caseload. As at 22 May 2019, there had…