Schrems 2: CJEU opinion on international transfers due in December

July 11th, 2019 by Robin Hopkins

We’re over a year into the GDPR era, and uncertainty persists on (among other things) mechanisms for the lawful transfer of personal data to non-EU countries whose data protection standards have not been certified as adequate. The US is of course the most notable country on that list – and Max Schrems is the most energetic opponent of transatlantic data transfers. Read more »


The Facebook Appeal and Procedural Grounds

July 10th, 2019 by Christopher Knight

What sort of grounds of challenge can be run on an appeal against a monetary penalty notice issued by the Information Commissioner? Where the Tribunal has a full merits jurisdiction, is there scope for grounds of challenge relating to the process by which the MPN was reached? Read more »


Jurisdiction, the GDPR and Brussels I

June 27th, 2019 by Christopher Knight

How is jurisdiction determined in a claim for breach of the GDPR? We know the rule in Article 79(2) GPDR. But how does that interplay with the ordinary private international law rules of jurisdiction, set out in Brussels I Recast Regulation: Regulation (EU) 1215/2012? What about where the controller seeks to rely on a jurisdiction agreement, which under Article 25 of the Brussels I Recast Regulation, would take priority? Read more »


Morrisons in the Supreme Court – hearing date

June 25th, 2019 by Anya Proops QC

We reported recently that the Supreme Court had given Morrisons permission to appeal against the Court of Appeal’s judgment in Various Claimants v Morrison Supermarkets Plc (vicarious liability/data breach case). I can now confirm that the hearing of the appeal is due to take place on 6-7 November 2019.

Anya Proops QC


Data Transfers to the USA

June 24th, 2019 by Christopher Knight

On 9 July the CJEU will hear oral submissions by the parties in Case C-311/18 Facebook Ireland & Schrems, in which the Irish Data Protection Commissioner (not Mr Schrems) is seeking to invalidate the Commission’s Decisions setting out standard contractual clauses. The basis for that attempt is the ability of national security bodies in the USA to gain access to personal data transferred to the US from the EU under SCCs. The fact that SCCs apply generally to all international transfers, and not just to the USA, is a point which has not eluded most of the other parties involved before the CJEU. Nonetheless it is likely that there will be some degree of comment from the CJEU on the Privacy Shield mechanism as part of the context to the issues. Read more »


Information Tribunal Lay Member Appointments Open

June 19th, 2019 by Christopher Knight

Ever fancied being a wing member of an Information Rights Tribunal? Well, for ten lucky applicants, your dreams can come true. Panopticon’s attention has been drawn to a Judicial Appointments Commission application process which opens in August (and closes in September) for ten new Information Rights lay members. You can find the details here. Appointees will sit in the First-tier Tribunal, and occasionally the Upper Tribunal, to hear FOIA, EIR and DPA appeals. Non-lawyer readers of this blog – and we know you are out there – should consider applying.

Christopher Knight