FOIA and security bodies: running sections 23 and 24 together

October 18th, 2021 by Robin Hopkins

Some knotty FOIA debates end up generating confusing and apparently contradictory case law; some others get resolved by an authoritative three-person Upper Tribunal. The recent judgment of the UT (Mrs Justice Farbey and UT Judges Mullan and Wikeley) in FCDO v IC, Williams and Others [2021] UKUT 248 (AAC) is a neat example of the latter. It deals with the interplay between sections 23 and 24 of FOIA. Read more »


Reforming UK data protection laws – the ICO responds

October 12th, 2021 by Anya Proops QC

Following the Government’s announcement of its proposals to amend the UK data protection legislation (which you can read about in Katherine’s Taunton’s post here), the ICO has now published its response to those proposals – see here. As expected, the core thrust of the response is that, in pressing for a new more business and particularly tech-friendly data protection regime, the Government should be careful not to throw the data privacy baby out with the bathwater. Not least, we see Elizabeth Denham, in her foreword to the response, emphasising the point that achieving public trust in business – particularly in the tech sector – through the maintenance of high standards of data protection is itself integral to the achievement of economic growth. In terms of the detail, there is much to pore over in a response that runs to some 89 pages. However, points that particularly caught my eye include the following: Read more »


Immigration Exemption Update

October 11th, 2021 by Christopher Knight

Back in late May 2021, it will be recalled that the Court of Appeal found the immigration exemption in para 4 of Schedule 2 to the Data Protection Act 2018 to be unlawful in its failure to comply with Article 23(2) GDPR: see the post here. The judgment made clear that the question of relief would be a matter for further submissions. A hearing was held on the question of relief on 8 October 2021, at the end of which the Court of Appeal announced in open court its decision. The immigration exemption will be declared to be unlawful, but that declaration will be suspended until 31 January 2022. In other words, the Government has until the end of January 2022 to introduce and bring into effect legislation amending the exemption, so as to avoid harm to the public interest. If it fails to do so, the exemption will be disapplied from that date. The Government’s current stated intention is to amend para 4 by means of regulations made under section 16 DPA. The reasons for that ruling will be handed down in due course.

Christopher Knight


Government reveals plans for post-Brexit data regime

September 17th, 2021 by 11KBW Blogs

In the last few days, the UK government has begun a public consultation on its plan to reform data protection legislation in the wake of Brexit entitled Data: A new direction. It says the aim is to create a more “pro-growth and pro-innovation” regime to achieve what the (now former) DCMS Secretary Oliver Dowden dubbed a “data dividend” for the British economy.

As regular Panopticon readers will know, the UK’s data protection regime has principally been driven by the EU framework – most recently in the form of the GDPR. Following the end of the Brexit transition period from January 2021, the GDPR (which during the UK’s membership of the EU had direct effect) was transposed into domestic law with minor changes. This means there is now the ‘EU GDPR’, in force across the 27 Member States, and the ‘UK GDPR’ which is applicable in the UK.

Even before the UK GDPR came into force in January 2021, however, the government had stated its intention to diverge from EU data protection law as part of its National Data Strategy, at least to some extent. These proposals are the first concrete step in that direction. Read more »


Webinar: Data Litigation & Regulation – How do the UK and US compare? – NEW DATE

September 6th, 2021 by kateh

The date for the Data litigation & regulation – how do the UK and US compare? webinar has changed. It will no longer take place on 13 September 2021 and instead will take place on 22 September 2021, 15:00-16:00.

If you were registered for the 13 September 2021 date. You will automatically still be registered and will receive an email from Zoom with the update.

If you weren’t previously registered and would like to, please email


New CJEU judgment on intermediary liability

August 31st, 2021 by Anya Proops QC

The UK Government’s recent introduction of an Online Safety Bill has raised afresh the important question of the extent to which online intermediaries can and should be required to curate and police the content that they host or index online. The Bill itself is controversial. Not least there are serious questions as to whether, as currently framed, it will: (a) require intermediaries to meet excessively burdensome standards (b) subject Ofcom (the proposed regulator in respect of the relevant online safety duties) to regulatory obligations which are themselves Augean in nature and further (c) fundamentally undermine the free speech rights which the Bill itself recognises are foundational to a modern digital democracy. In other words, there is a serious question as to whether this is a Bill that will do more harm than good. It is against that backdrop that we should turn to consider the recent judgment of the CJEU in the case of Peterson v Google LLC C-682/18 and C-683/18. The Peterson case is a copyright case, and so its relevance to the readers of this blog is not immediately discernible. However, it is a case worth considering particularly in view of what it says about the protections afforded to online intermediaries, and particularly hosting platforms, by the E-Commerce Directive. Read more »