Focusing on the latest digital trends and risks and developments in the field of data protection, privacy, information and cyber law.

ICO Brings Some Welcome Clarification to the GDPR’s International Transfer Rules

David Smith

One of the challenges thrown up by the GDPR is understanding the interrelation between the extra-territorial scope provisions in Article 3 and the restrictions on international transfer in Chapter V. How, for example, do the international transfer restrictions apply, if they apply at all, to a data controller that has no presence in the EU Read More

Defogging the CLOUD Act

Natalie Young

Earlier this year, Congress passed the Clarifying Lawful Overseas Use of Data (“CLOUD”) Act. The CLOUD Act is significant because it allows US law enforcement authorities to access the data of US companies held abroad and could allow foreign governments who have entered into an executive agreement with the US to obtain data stored by Read More

Data Analytics and Political Campaigning – Looking Beyond the Headlines of the ICO’s Investigation

David Smith

Elizabeth Denham, the Information Commissioner, was in the headlines last week after announcing her intention to impose a record fine of £½million on Facebook and launching her report on “Democracy Disrupted? Personal Information and Political Influence”,  a wide ranging and detailed investigation into the complex world of gathering and using personal data for political campaigning. Read More

IP owners to pay the costs of blocking access to infringing websites

David Stone

The UK Supreme Court has unanimously ruled that trade mark owners should pay the costs of implementing a court order requiring UK ISPs to block access to websites selling counterfeit goods. This is a reversal of previous decisions, which had required the ISPs to bear these costs. Rights holders will still be able to obtain Read More

The effect of the new UK cybersecurity laws

Charlotte Mullarkey

On 10 May the Network and Information Systems Regulations 2018 came into force in the UK. These implement the EU NIS Directive, EU-wide rules on cybersecurity. The NIS Directive had to be transposed into Member State laws by 9 May 2018. Many Member States have not met the deadline. Which companies are caught? The UK Read More

ICO guidance on data protection fees – notification is dead, long live registration

Charlotte Mullarkey

To coincide with the implementation of the General Data Protection Regulation (GDPR), the UK data protection authority, the Information Commissioner’s Office (the ICO) has issued guidance on the new proposed fee arrangement for the registration of data controllers in the UK. Assuming this proposal is approved by Parliament, the new ‘data protection fee’ will come Read More