The Facebook Appeal and Procedural Grounds

July 10th, 2019 by Christopher Knight

What sort of grounds of challenge can be run on an appeal against a monetary penalty notice issued by the Information Commissioner? Where the Tribunal has a full merits jurisdiction, is there scope for grounds of challenge relating to the process by which the MPN was reached? Read more »


Jurisdiction, the GDPR and Brussels I

June 27th, 2019 by Christopher Knight

How is jurisdiction determined in a claim for breach of the GDPR? We know the rule in Article 79(2) GPDR. But how does that interplay with the ordinary private international law rules of jurisdiction, set out in Brussels I Recast Regulation: Regulation (EU) 1215/2012? What about where the controller seeks to rely on a jurisdiction agreement, which under Article 25 of the Brussels I Recast Regulation, would take priority? Read more »


Morrisons in the Supreme Court – hearing date

June 25th, 2019 by Anya Proops QC

We reported recently that the Supreme Court had given Morrisons permission to appeal against the Court of Appeal’s judgment in Various Claimants v Morrison Supermarkets Plc (vicarious liability/data breach case). I can now confirm that the hearing of the appeal is due to take place on 6-7 November 2019.

Anya Proops QC


Data Transfers to the USA

June 24th, 2019 by Christopher Knight

On 9 July the CJEU will hear oral submissions by the parties in Case C-311/18 Facebook Ireland & Schrems, in which the Irish Data Protection Commissioner (not Mr Schrems) is seeking to invalidate the Commission’s Decisions setting out standard contractual clauses. The basis for that attempt is the ability of national security bodies in the USA to gain access to personal data transferred to the US from the EU under SCCs. The fact that SCCs apply generally to all international transfers, and not just to the USA, is a point which has not eluded most of the other parties involved before the CJEU. Nonetheless it is likely that there will be some degree of comment from the CJEU on the Privacy Shield mechanism as part of the context to the issues. Read more »


Information Tribunal Lay Member Appointments Open

June 19th, 2019 by Christopher Knight

Ever fancied being a wing member of an Information Rights Tribunal? Well, for ten lucky applicants, your dreams can come true. Panopticon’s attention has been drawn to a Judicial Appointments Commission application process which opens in August (and closes in September) for ten new Information Rights lay members. You can find the details here. Appointees will sit in the First-tier Tribunal, and occasionally the Upper Tribunal, to hear FOIA, EIR and DPA appeals. Non-lawyer readers of this blog – and we know you are out there – should consider applying.

Christopher Knight


Happy birthday GDPR – but where’s the e-Privacy Regulation?

May 23rd, 2019 by Robin Hopkins

So, we approach the GDPR’s first birthday. You know what’s nice for birthdays? Fines. Really big ones. According to an article in today’s Times (paywall), significant GDPR monetary penalties from the ICO are imminent, around the 1-year mark for our new data protection regime. The Irish DPC is apparently limbering up likewise. And it also announced its investigation into Google’s Ad Exchange this week, which could develop into a very significant foray into online ad tech. Read more »