Data sharing

ICO investigation into the Royal Free’s use of patient data used as an opportunity to educate

Charlotte Mullarkey

In a case which has wide implications for the health care sector, the ICO has ruled that the Royal Free NHS Foundation Trust failed to comply with the UK Data Protection Act when it provided personal data of about 1.6 million patients to Google DeepMind. The personal data was provided as part of a trial Read More

No Comments

Allen & Overy updates UK data protection App “Access Assist”

Nigel Parker

Whilst most data privacy specialists are understandably focused on moving towards compliance with the GDPR, it is important not to lose sight of existing challenges. One particular challenge among them, for many, is dealing with data subject access requests. These requests are a perennial problem for many businesses, often made by disgruntled employees or customers Read More

No Comments

What hangs in the balance in Microsoft’s win against the U.S. government?

Keren Livneh

On July 14, 2016, the Court of Appeals for the Second Circuit reversed a District Court decision ordering Microsoft to comply with a warrant issued in a U.S. narcotics trafficking investigation to produce a customer’s web-based emails, stored exclusively on servers in Ireland. The Second Circuit held that the Stored Communications Act (SCA), under which Read More

No Comments

In a privacy paradigm shift, Microsoft sues the US government.

Keren Livneh

On April 15, 2016, Microsoft filed suit against the U.S. Department of Justice and Attorney General in the Western District of Washington (where Microsoft is headquartered), seeking a declaration that a provision of the Electronic Communications Privacy Act is unconstitutional on the basis that it prohibits Microsoft from notifying its customers when a warrant is Read More

No Comments

Privacy by design – is there such a thing as too much?

Karishma Brahmbhatt

Privacy by design has been one of the buzzwords of the General Data Protection Regulation (GDPR), with the Regulation going so far as to say that “in order to be able to demonstrate compliance with this Regulation, the controller should adopt internal policies and implement measures which meet in particular the principles of data protection Read More

No Comments

A leap forward for the EU-US Privacy Shield

Nigel Parker

Taking advantage of our extra day this month, the European Commission has today issued a press release summarising the steps taken to restore trust in transatlantic data flows following the 2013 surveillance revelations and the 2015 judgment of the CJEU in the Schrems case. The press release is accompanied by a draft “adequacy decision” as Read More

No Comments