How is jurisdiction determined in a claim for breach of the GDPR? We know the rule in Article 79(2) GPDR. But how does that interplay with the ordinary private international law rules of jurisdiction, set out in Brussels I Recast Regulation: Regulation (EU) 1215/2012? What about where the controller seeks to rely on a jurisdiction agreement, which under Article 25 of the Brussels I Recast Regulation, would take priority? Continue reading
Morrisons in the Supreme Court – hearing date
We reported recently that the Supreme Court had given Morrisons permission to appeal against the Court of Appeal’s judgment in Various Claimants v Morrison Supermarkets Plc (vicarious liability/data breach case). I can now confirm that the hearing of the appeal is due to take place on 6-7 November 2019.
Anya Proops QC
Data Transfers to the USA
On 9 July the CJEU will hear oral submissions by the parties in Case C-311/18 Facebook Ireland & Schrems, in which the Irish Data Protection Commissioner (not Mr Schrems) is seeking to invalidate the Commission’s Decisions setting out standard contractual clauses. The basis for that attempt is the ability of national security bodies in the USA to gain access to personal data transferred to the US from the EU under SCCs. The fact that SCCs apply generally to all international transfers, and not just to the USA, is a point which has not eluded most of the other parties involved before the CJEU. Nonetheless it is likely that there will be some degree of comment from the CJEU on the Privacy Shield mechanism as part of the context to the issues. Continue reading
Information Tribunal Lay Member Appointments Open
Ever fancied being a wing member of an Information Rights Tribunal? Well, for ten lucky applicants, your dreams can come true. Panopticon’s attention has been drawn to a Judicial Appointments Commission application process which opens in August (and closes in September) for ten new Information Rights lay members. You can find the details here. Appointees will sit in the First-tier Tribunal, and occasionally the Upper Tribunal, to hear FOIA, EIR and DPA appeals. Non-lawyer readers of this blog – and we know you are out there – should consider applying.
Christopher Knight
Happy birthday GDPR – but where’s the e-Privacy Regulation?
So, we approach the GDPR’s first birthday. You know what’s nice for birthdays? Fines. Really big ones. According to an article in today’s Times (paywall), significant GDPR monetary penalties from the ICO are imminent, around the 1-year mark for our new data protection regime. The Irish DPC is apparently limbering up likewise. And it also announced its investigation into Google’s Ad Exchange this week, which could develop into a very significant foray into online ad tech. Continue reading
Bridle-ing at a SAR?
Sometimes the Easter Bunny comes bearing mysteriously non-egg shaped gifts to the data protection practitioner. The judgment of the always-worth-reading Warby J in Rudd v Bridle & J&S Bridle Ltd [2019] EWHC 893 (QB) is just such a delivery, albeit that this one appears to contain a high content of asbestos. Continue reading