Facial recognition: a GDPR fine and some further regulation?

September 5th, 2019 by Robin Hopkins

Facial recognition is certainly a hot topic just now. I blogged yesterday about the judgment in Bridges, which saw the Divisional Court dismiss challenges – principally on privacy and data protection grounds – to the use of automated facial recognition technology in a policing context. It would be a mistake, however, for data controllers to assume that the legal and regulatory environment is generally relaxed and permissive about facial recognition. Here are two interesting recent developments to bear in mind alongside the Bridges judgment. Read more »


Fashionably late

September 5th, 2019 by Robin Hopkins

With Panopticon having been prorogued for much of the summer, we didn’t get round to a timely blog post on the CJEU’s judgment from the end of July in Fashion ID GmbH & Co. KG v Verbraucherzentrale NRW eV (Case C-40/17). In case you were likewise lounging around Rees-Mogg style and failed to keep up with data protection judgments, here is a brief summary to help you disguise that from your boss or clients. Read more »


Police use of automated facial recognition: a justified privacy intrusion

September 4th, 2019 by Robin Hopkins

The opening sentence of today’s judgment in R (Bridges) v Chief Constable of South Wales Police and Others [2019] EWHC 2341 (Admin) is right up Panopticon’s alley: “The algorithms of the law must keep pace with new and emerging technologies”. In precisely that spirit, the Divisional Court’s (Haddon-Cave LJ and Swift J) dismissal of the challenge to South Wales Police’s use of Automated Facial Recognition technology (“AFR”) contains very significant lessons in how to apply privacy and data protection law to beneficial but intrusive technology. Read more »


A New Home for Data Protection

August 9th, 2019 by Christopher Knight

All data protection claims issued after 1 October 2019 will now have to be issued in the new, formal, Media and Communications List of the High Court. On that date, a new Part 53 of the CPR will take effect – set out in the Schedule to the Civil Procedure (Amendment No. 3) Rules 2019 – along with two new Practice Directions. Read more »


Norwich Pharmacal orders, the GDPR – and porn

July 18th, 2019 by Robin Hopkins

The GDPR has had its first brush (to my knowledge at least) with the pornography industry in the Courts of England and Wales. In Mircom International and Golden Eye International v Virgin Media and Persons Unknown [2019] EWHC 1827 (Ch), a judgment of 16 July, the High Court declined to order Virgin Media to hand over the IP addresses of persons who had allegedly downloaded and shared porn films in breach of copyright. It was not, however, the GDPR that saved those naughty “persons unknown”. If I can be explicit about it, the Court’s GDPR analysis was highly problematic. Read more »


Schrems 2: CJEU opinion on international transfers due in December

July 11th, 2019 by Robin Hopkins

We’re over a year into the GDPR era, and uncertainty persists on (among other things) mechanisms for the lawful transfer of personal data to non-EU countries whose data protection standards have not been certified as adequate. The US is of course the most notable country on that list – and Max Schrems is the most energetic opponent of transatlantic data transfers. Read more »