Focusing on the latest digital trends and risks and developments in the field of data protection, privacy, information and cyber law.

German antitrust authority restricts Facebook’s processing of user data

Catharina Glugla

On 7 February 2019 the German antitrust authority (Bundeskartellamt) found that the extent to which Facebook collects, merges, attributes to and uses data in user accounts amounts to an abuse of a dominant position on the market for social networks. Under Facebook’s current terms and conditions, users have to agree to Facebook: (1) collecting user Read More

Ethics takes to the stage at the 40th International Conference of Data Protection and Privacy Commissioners

Emma Keeling

At the end of October, the 40th International Conference of Data Protection and Privacy Commissioners (ICDPPC) took place in Brussels and Sofia. This forum, attended by hundreds of delegates from over 70 countries, provided an opportunity for open discussions on the latest developments in data protection, laws and ethics, in what is an increasingly data-driven Read More

What impact is GDPR having on M&A deals?

Nigel Parker

Data protection issues feature increasingly in mergers and acquisitions.  This is driven by a range of factors, including in particular the growing realisation of the value of personal data to a business as well as more widespread appreciation of the risks involved in processing personal data.  The GDPR has acted as a catalyst and data Read More

Encouraging innovation whilst protecting the NHS data resource – a new code for digital technology

Emma Keeling

As big data continues to be big news and data protection law continues to evolve, it is timely that the Department for Health and Social Care (the Department) has published a code of conduct relating to the use of data-driven health and care technology (the Code). Published in its initial form last week (5th September), Read More

ICO Brings Some Welcome Clarification to the GDPR’s International Transfer Rules

David Smith

One of the challenges thrown up by the GDPR is understanding the interrelation between the extra-territorial scope provisions in Article 3 and the restrictions on international transfer in Chapter V. How, for example, do the international transfer restrictions apply, if they apply at all, to a data controller that has no presence in the EU Read More

Defogging the CLOUD Act

Natalie Young

Earlier this year, Congress passed the Clarifying Lawful Overseas Use of Data (“CLOUD”) Act. The CLOUD Act is significant because it allows US law enforcement authorities to access the data of US companies held abroad and could allow foreign governments who have entered into an executive agreement with the US to obtain data stored by Read More