A class action style law suit valued at £2bn has been filed in the High Court against Google, focusing on subsidiary YouTube’s handling of child user data.Continue reading
The European Court of Justice has handed down its highly anticipated ruling in the Schrems II case. The case considered the validity of the EU-US Privacy Shield and the efficacy of Standard Contractual Clauses (“SCC”) as data transfer protection mechanisms.
In this landmark case it was found that the EU Commission’s adequacy decision around the EU-US Privacy Shield framework was invalid. The leaves the mechanism for conducting EU-US data transfers in question. This matter maybe covered by recent discussions between the UK and US around entering into a seperate data sharing agreement. However, in the interim a transitional mechanism is sorely needed alongside guidance for data processors to give clarity to how data sharing between the countries can be regulated and data subjects rights safeguarded.
The SCC regime was affirmed to be valid however, it was suggested that companies and regulators enter into a case by case basis analysis of risk. In particular, it was highlighted that such an assessment should take place where government access to data is mandated. This is a highly topical issue in the US given current efforts to put in place a federal data protection regime.
For more details on the Schrems II case see-
The ICO‘s press release
Following significant pressure from groups such as OpenDemocracy and Foxglove the UK government has released its data sharing contracts with companies such as Amazon, Google and Microsoft for the creation of a cloud database for sharing covid-19 related data. Contracts with AI firms Planatir and Faculty were also released.Continue reading
Sites you visit, applications you use and services you take all have privacy policies – but what are they and why are they important, despite many people just check boxing them? Continue reading
Following its data breach in November 2013 the Morrisons data breach case is now before the UK Supreme Court. The breach involved the personal data of 5,500 employees.
An employee, Mr Skelton, took a memory stick containing the records of employees home. In January 2014 he uploaded the contents onto a data sharing website, later sending it to newspapers. Continue reading
In September 2017 Equifax suffered a data breach exposing the personal data of over 147 million people. Hackers utilised a website application vulnerability to access the personal data of customers. Continue reading
Personal data, such as your name, likeness, birthday or any other information which can be used to identify you is highly sensitive.
Protecting and bringing actions on the basis of your personal data being harvested, used or misused is a key foundational right to privacy. Continue reading
Mr Lloyd, a consumer protection advocate, brought a claim against Google for damages on behalf of 4m Apple iPhone users. It was alleged that Google secretly tracked some of their internet activity for commercial purposes between 9 August 2011 and 15 February 2012. Continue reading