WordPress + Bootstrap

The Data Protection Bill contains some wonderful provisions. For example: “Chapter 2 of this Part applies for the purposes of the applied GDPR as it applies for the purposes of the GDPR. In this Chapter, “the applied Chapter 2” means Chapter 2 of this Part as applied by this Chapter.” And suchlike.

It is just possible that there are some of you who need to get your head around the Bill, but haven’t yet had the time or stomach for it. You are probably thinking “surely some data protection obsessive has read it and summarised it for me somewhere?”. As ever, Panopticon is the proud home of data protection obsessives. Here is a link to an overview of the Bill which I did for Practical Law. Enjoy!

Robin Hopkins @hopkinsrobin

Data protection developments are not often seen through a constitutional lens, but readers may be interested to glance at the recent post by Oliver Butler from the UK Constitutional Law Blog on concerns about clause 15 of the Data Protection Bill and the delegated legislation powers it provides. There will be much to watch out for as the Bill progresses.

Christopher Knight

Anyone who has anything to do with data protection will know that the UK’s Data Protection Bill was published and put before Parliament on Thursday 14 September. But to digest it in full, one needs time, commitment, and coffee. It is not a straightforward read. It seeks to implement the GDPR in full and in Brexit-proof fashion, to plug the gaps that the GDPR requires member states to fill, and also to apply a GDPR-like regime to areas of data processing that are not covered by the GDPR itself. The Bill is of course liable to change in the coming months, but here are some observations and highlights in the meantime. Continue reading →

The GDPR is still eight months away from coming into force, but – as with any such sea-change – it is informing much of our data protection thinking already. In its recent judgment in the Barbulescu case about monitoring employee communications, for example, the European Court of Human Rights cited provisions of the GDPR. Here are some substantive recent developments illustrating the direction of travel in contentious data protection. Continue reading →

In January 2016, Panopticon brought you a post entitled “Employer was entitled to access employee’s private Yahoo! messages (and to sack him)”. It concerned an eye-catching judgment of the Fourth Section of the European Court of Human Rights in the case of Barbulescu v Romania (application 61496/08).

In a nutshell: the applicant had used his employer’s Yahoo! messenger service (intended for work use) for personal communications, including with his fiancé and brother. His employer monitored those communications and sacked him for misuse of its messenger service. Did that monitoring of his private communications breach his privacy rights under Article 8 ECHR? No, said the Romanian courts, and Strasbourg’s Fourth Chamber said likewise (a victory for common sense, said many employers!). But on a further appeal to the Grand Chamber of the ECHR, that assessment has been reversed: the last word is that Article 8 was indeed breached here (what now, ask many employers?). Continue reading →

Data protection lawyers and specialists have long been used to their area of expertise being treated as a rather mould-infested and irritating area of the law, like champerty but with more Schedules. Amongst other things, Brexit seems to have caused a bit of an upsurge in interest in how cross-border data flows are going to be managed in the brave new world. (Panopticon has seen articles in the last few months mentioning the GDPR and data protection after Brexit in the LRB and Private Eye, which is a bit like unexpectedly finding your girlfriend on page 3 of the Sun and the New Left Review on the same day.) HM Government have also recognised the importance of the issue, and have today published their position paper entitled ‘The exchange and protection of personal data’. Continue reading →