May 4th, 2016 by Christopher Knight
If you thought the GDPR had a disappointing ring of informality to it, you will be delighted to hear that the final translated text of the GDPR has now been published in the Official Journal. As a result, it has a number: Regulation 2016/679. But it is not just a number; it is also a free man, having a lengthy name (“Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC”). The OJ English text in html can be found here, and the pdf here. Article 99(2) provides that it shall apply from 25 May 2018.
Altogether now: ‘Remember my name: Regulation 2016/679! I’m going to live forever!* I’m going to learn how to fly!**”
*Or at least until the next burst of data protection enthusiasm.
**Although better details on learning to fly may be found in the new Passenger Name Record Directive, or Directive 2016/681. The Criminal Law Enforcement Data Protection Directive, or Directive 2016/680, has also now been published.
Regulation 2016/679 doesn’t sound very catchy, but we’ll all know it off by heart soon enough.
April 20th, 2016 by James Goudie QC
James Goudie QC explains the new designations made under the Freedom of Information (Scotland) Act 2002 (Designation of Persons as Scottish Public Authorities) Order 2016. Read the article click here
James Goudie QC
April 18th, 2016 by Anya Proops QC
It has long been clear that, so far as the common law is concerned, there is no neat dividing line between information which is private and that which is public. Thus, depending on the circumstances, information relating to an individual’s private life which has entered the public domain may yet engage privacy rights (see further e.g. McKennitt v Ash  EWHC 303 (QB) and Green Corns v Claverley  958 (QB) and Rocknroll v News Group  EWHC 24 (Ch)). However, what is the position where, notwithstanding that an injunction restrains the publication of the information domestically, the information is being extensively published and shared online elsewhere around the world?
This is the difficult issue which the English Court of Appeal was required to address in the high profile case of PJS v News Group Newspapers  EWCA Civ 393. In PJS, the English Court of Appeal had granted the claimant an interim injunction restraining publication of information concerning his engagement in a particular sexual encounter, the notorious ‘celebrity threesome’. There had been no legal challenge to the granting of the injunction. However, after the injunction was granted, the story was published overseas and promptly spread like wildfire on the internet. This led to an application by NGN to discharge the injunction, on the basis that, because PJS’s identity was now so widely known, it was in effect not worth the paper it was written on. Read more »
April 14th, 2016 by Robin Hopkins
We have crossed the Rubicon. Several years of tortuous haggling, drafting and editing have culminated in the new General Data Protection Regulation, which will become the bedrock for EU data protection law. In the last couple of hours, the European Parliament has voted on and approved the final agreed text of the GDPR. The GDPR is expected to come into force around mid-2018. You can read the final text here, and (courtesy of @PrivacyMatters), you can find a photo here of the GDPR’s champion, Jan Albrecht, smiling at the outcome, in his trademark jaunty stiped shirt and jacket.
In the meantime, the immediate future of EU-US personal data transfers is much less certain. Chris Knight has previously explained the ‘Privacy Shield’, a kind of emergency sticking plaster measure introduced in the wake of the Schrems litigation, which killed off the Safe Harbor arrangements for transatlantic transfers. The Article 29 Working Party – perhaps the EU’s most authoritative voice on data protection matters – has this week endorsed aspects of Privacy Shield as an improvement on Safe Harbor. Crucially, however, the A29 WP is far from convinced that Privacy Shield is up the answer. It has ‘strong concerns’, which you can read about here. No Rubicons crossed on this issue just yet.
Robin Hopkins @hopkinsrobin
April 12th, 2016 by Robin Hopkins
Suppose confidential, private and sensitive information is sold, leaked or otherwise wrongly disclosed by a rogue employee: is the employer vicariously liable? This question is a troubling one for many an employer and data controller. A new judgment on a claim for misuse of private information sheds some light on this question – and will not be comforting for employers and data controllers. The case is Axon v Ministry of Defence  EWHC 787 (QB).
The Claimant was the commanding officer of a Royal Navy frigate when, in December 2004, he was summoned to London and relieved of his command following an investigation into his alleged bullying of officers on his ship. In that same month, the Sun published articles about the incident (‘Mutiny Skipper Sacked’ and so on). Read more »
April 8th, 2016 by Robin Hopkins
Gurieva & Anor v Community Safety Development (UK) Ltd  EWHC 643 (QB), a judgment of Warby J of 6 April 2016, is the High Court’s latest word on subject access requests. It illustrates some of the emerging trends in subject access litigation. It is also a salutary reminder to ensure that, for subject access request cases as for any other, adequate evidence is presented. Read more »