A Data Bridge over Troubled Waters?

On 12 October 2023, the Data Protection (Adequacy) (United States of America) Regulations 2023 will come into effect and the UK-USA ‘data bridge’ will be effected. This will mean that, under the terms of the revised EU-US Data Privacy Framework, and the UK Extension to it, transfers of personal data from the UK to a person in the USA on the Data Privacy Framework List, will be deemed to meet the test of adequacy for the purposes of the UK GDPR and the DPA 2018. Continue reading

Online safety – dawn of a new era

Yesterday the Online Safety Bill received assent in the House of Lords, meaning it is now ready to become law. It is anticipated that the Bill will receive Royal Assent in the course of October 2023. So it is that the UK stands on the brink of a new era in internet regulation, one which is intended fundamentally to improve the health and wellbeing of the nation by making the internet a safer, less hazardous environment for all.

And how, you may well ask, is this improvement to be achieved? Well, in the most basic terms, the Online Safety Bill (soon to be the Online Safety Act) seeks to make the internet a safer place by: (a) converting those online intermediaries who host and index online content – including most obviously social media providers and online search engines – into the digital caretakers of the online world, making them subject to a wide array of duties of care with respect to the content they respectively host or index and, further, (b) charging Ofcom with responsibility for ensuring that online intermediaries are discharging these duties of care in practice. Continue reading

As Meta awoke one day from uneasy dreams it found itself transformed…

It’s been a few days since the CJEU’s landmark 4th July decision in Meta Platforms v Bundeskartellamt (Case C-252/21). As readers of the blog will probably have seen elsewhere, this was no Independence Day victory for Meta. Instead, the CJEU Grand Chamber upheld the idiosyncratic blending of competition law and GDPR by the German competition regulator (the Federal Cartel Office, or FCO). Continue reading

All the pieces matter: relevance, redactions and open justice

Public lawyers, in particular, may have encountered government departments or others redacting the names of ‘junior officials’ on grounds of ‘relevance’ or ‘data protection’, when disclosing documents in litigation. Anecdotally, at least, that has been an increasing trend in recent years. The judgment of Swift J in FMA and Others v SSHD [2023] EWHC 1579 (Admin) contains a very clear – and welcome – statement that this approach is not appropriate.

Continue reading

Standing on the doorstep: UT affirms burden and standard of proof orthodoxy

ICO Enforcement Notices and Monetary Penalty Notices (“MPNs”), and the resulting appeals to the FtT, are the bread and butter of information law litigation. Readers of Panopticon would be forgiven for thinking that issues such as the burden and standard of proof in such appeals would be uncontentious. But not so, according to the appellant in Doorstep Dispensaree Ltd v Information Commissioner [2023] UKUT 132 (AAC).

Continue reading