Schrems II: standard contractual clauses survive; Privacy Shield dead

July 16th, 2020 by Robin Hopkins

Well this is a fine mess. Austrian privacy campaigner Max Schrems has struck again: transfers of personal data from the EU to the US are suddenly vulnerable again, thanks to today’s CJEU judgment in Data Protection Commissioner v Facebook Ireland and Max Schrems (Case C-311/18; 16 July 2020) – the so-called Schrems II judgment. The judgment (see here: Schrems II Judgment) is complex and multi-faceted, but I’ll aim for a nutshell summary just now. Read more »


Parliaments and the GDPR

July 10th, 2020 by Christopher Knight

Are national Parliaments subject to the GDPR? Yes, says the CJEU, they are: Case C-272/19 VK v Land Hessen (EU:C:2020:535). The reference to a “public authority” within the definition of “controller” in Article 4(7) GDPR was capable of including the Petitions Committee of the State Parliament, and the CJEU noted that there was no exception in Article 23 for legislative bodies. Read more »


Public Authorities under the EIR: Fishing for Clarity

July 3rd, 2020 by Christopher Knight

Is a private registered provider of social housing, a housing association, a public authority within the meaning of the Environmental Information Regulations 2004 and the Fish Legal line of authority (on which see here re the CJEU and here re the UT)? In Information Commissioner v Poplar Housing Association and Regeneration Community Association [2020] UKUT 182 (AAC) (ICO v Poplar Housing), Farbey J (CP) agreed with the First-tier Tribunal that it was not. Read more »


FOIA Appeals and Enforcement: Who has the Power?

July 2nd, 2020 by Christopher Knight

When the First-tier Tribunal decides an information rights appeal and finds in favour of the requestor, who has the responsibility for enforcing any non-compliance with that judgment? Is it the FTT, or is the Information Commissioner? In an interesting judgment of Judge Jacobs in Moss v Information Commissioner & Royal Borough of Kingston upon Thames [2020] UKUT 174 (AAC), the Upper Tribunal has held that it is the FTT. Read more »


A Rolling Stone Gathers No Anonymity

May 15th, 2020 by Christopher Knight

We previously noted on this blog the useful discussion in D v Information Commissioner [2018] UKUT 441 (AAC) of the principles applicable to the anonymity of parties in information rights appeals. But who, no-one asked us, was D? Well, it turns out on appeal that the answer is: Moss v Information Commissioner [2020] EWCA Civ 580. Ta dah! Read more »


ZXC v Bloomberg: privacy expectations about criminal investigations

May 15th, 2020 by Robin Hopkins

The Court of Appeal has today given judgment in the long-running ZXC v Bloomberg litigation ([2020] EWCA Civ 611). The key points:

  1. In general, a person does have a reasonable expectation of privacy about the fact that/details of their being subject to a police investigation, up to the point of charge.
  2. Reporting about alleged conduct is different from reporting about a criminal investigation into that conduct.

Read more »