Data protection lawyers and specialists have long been used to their area of expertise being treated as a rather mould-infested and irritating area of the law, like champerty but with more Schedules. Amongst other things, Brexit seems to have caused a bit of an upsurge in interest in how cross-border data flows are going to be managed in the brave new world. (Panopticon has seen articles in the last few months mentioning the GDPR and data protection after Brexit in the LRB and Private Eye, which is a bit like unexpectedly finding your girlfriend on page 3 of the Sun and the New Left Review on the same day.) HM Government have also recognised the importance of the issue, and have today published their position paper entitled ‘The exchange and protection of personal data’. Continue reading
The Wages of Sin is: the Ability to Rely on Section 12
What happens when your FOIA request to a public authority is met with the response that it would breach the cost limits set under section 12 to respond to the request because the authority’s record keeping systems are in a particular (i.e. poor) state? In a word: tough. Continue reading
Government publishes data protection bill proposals
For those of you champing at the bit to learn of the Government’s plans for domesticating the GDPR, I have some good news. The Government has today, in the personage of Matt Hancock MP, Digital Minister, published its ‘statement of intent’ in respect of the new data protection bill – see here. Some key highlights of the proposals include the following: Continue reading
Brussels Update: Exams and Data Transfers
It is worth noting a couple of data protection developments from our European neighbours from the last week or so. First, Advocate General Kokott has handed down an Opinion in Case C-434/16 Nowak v Data Protection Commissioner (ECLI:EU:C:2017:582) about examination scripts. Second, the CJEU has delivered itself of Opinion 1/15 (ECLI:EU:C:2017:592) on the compatibility with Charter rights of the envisaged agreement between the EU and Canada on Passenger Name Record data. Continue reading
A global right to be forgotten?
In its (in)famous Google Spain judgment in 2014, the CJEU breathed life into the right to be forgotten. That right – explicitly preserved in the GDPR – is one of the more divisive limbs of EU data protection law: it is good for privacy, but it can be very bad for freedom of expression. That concern is drawn out sharply in current litigation between Google and the French data protection authority, Commission Nationale Informatique et Libertes (CNIL). The crux of the dispute is this: does your EU-given right to be forgotten apply across the whole world? Continue reading
Jeremy Corbyn and the DPA
Remember Jeremy Corbyn in his pre-cult figure days? (Okay, I know he has always been a cult figure to some – but I mean before the election and Glastonbury and so on). Remember the CCTV footage of him slouching about in a vestibule on a busy Virgin train? If so, you will probably remember that Virgin responded to the suggestion of overcrowding by publishing CCTV footage from the train journey to show that there were seats available. Did it breach the DPA in doing so? Continue reading