Few readers of this blog will be unaware of the CJEU’s seminal judgment in the case of Schrems v Facebook Case C-362/14, where the Court struck down the EU Commission’s decision that the US’ safe harbour regime was adequate for data protection purposes. However, of course that was not the end of Mr Schrems’ mission to hold Facebook to account for transferring personal data obtained from within the EU into the US. Following the judgment, he went on to bring civil claims against Facebook in the Austrian courts for breaching his data protection obligations, including a claim for injunctive relief and a claim for damages (Mr Schrems is himself domiciled in Austria). More than this, he sought to act as a lightening-rod for claims brought by other individuals domiciled in foreign jurisdictions, including Germany and India. The claimants concerned assigned their claims against Facebook to Mr Schrems with a view to his leading the litigation charge against Facebook. Continue reading →

For those of you champing at the bit to learn of the Government’s plans for domesticating the GDPR, I have some good news. The Government has today, in the personage of Matt Hancock MP, Digital Minister, published its ‘statement of intent’ in respect of the new data protection bill – see here. Some key highlights of the proposals include the following: Continue reading →

Some of you may have read in last week’s Guardian of an ICO ruling which resulted in the Ministry of Justice handing over a judge’s handwritten notes under data protection legislation (if not, see the article here). If you did read the article, it may be that you are now scratching your head trying to work out why and how the notes came to be disclosed. Well you need scratch no longer – here is the ICO decision letter (for which thanks to Mrs Percival). The following appears from the decision letter: Continue reading →

Hot of the press – The European Court of Human Rights has just handed down its judgment in the case of Satamedia v Finland. This is an important judgment on the relationship between the right to data privacy (even in respect of data which is publicly available) and the right to freedom of expression. More analysis to follow in due course.

Anya Proops QC

Just in case any readers are interested, the EU has announced that it is setting up a ‘multi-stakeholder expert group’ to assist the EU Commission in understanding the potential challenges posed by the application of the GDPR (see here). It is anticipated that the group will consist of academic, legal practitioners, as well as business and civil society representatives. If you or your clients are interested in applying for membership of the group, here’s the relevant link.

Anya Proops QC

What with all the kerfuffle over Brexit negotiations and the impending snap general election, you could perhaps be forgiven for failing to notice that the Government had rushed the Digital Economy Bill through Parliament in last week’s “wash up” before the dissolution of Parliament. The Bill in fact received Royal Assent last Thursday, 27 April. So why does the Digital Economy Act matter to privacy practitioners? Continue reading →