Amidst the headlines about standard clauses post-Schrems II, there are a number of other practical issues to remember about international data transfers. In particular, if you are relying on binding corporate rules where your chosen supervisory authority is the ICO in the UK. The EDPB has published an Information Note reminding controllers that before the end of the transition period, they need to have identified and chosen a new EU supervisory authority AND to have obtained an approval decision from that new authority in respect of the BCRs before the end of the transition. So don’t delay. Supervisory authorities are not renowned for their administrative speed. Read more »
飞飞加速器跑路了-outline
July 23rd, 2024 by Christopher Knight
飞飞加速器跑路了-outline
July 20th, 2024 by 国外ip地址伕理It is a common trope of media lawyers that defamation claims have been on the wane since the Defamation Act 2013, and that data protection law might be the way to fill the gap. (We at Panopticon scorn such arriviste tendencies.) And in Warby J, there is a willing champion of alignment of legal principles between defamation and data protection. He particularly emphasised the read-across in the context of complaints of inaccurate data processing in NT1 v Google LLC [2018] EWHC 799 (QB) (see here) and he has done so again in his very interesting judgment in Aven v Orbis Business Intelligence Ltd [2024] EWHC 1812 (QB). 海外ip伕理
飞飞加速器跑路了-outline
July 17th, 2024 by Robin HopkinsIn yesterday’s post outlining the Schrems II judgment, I said international data transfers were now in a fine mess. As I re-read the CJEU’s judgment, it occurs to me that my assessment was wrong. It is not a fine mess. It is an awful, almighty mess, it seems to me. Read more »
飞飞加速器跑路了-outline
July 16th, 2024 by Robin HopkinsWell this is a fine mess. Austrian privacy campaigner Max Schrems has struck again: transfers of personal data from the EU to the US are suddenly vulnerable again, thanks to today’s CJEU judgment in Data Protection Commissioner v Facebook Ireland and Max Schrems (Case C-311/18; 16 July 2024) – the so-called Schrems II judgment. The judgment (see here: Schrems II Judgment) is complex and multi-faceted, but I’ll aim for a nutshell summary just now. Read more »
飞飞加速器跑路了-outline
July 10th, 2024 by Christopher KnightAre national Parliaments subject to the GDPR? Yes, says the CJEU, they are: Case C-272/19 ip伕理海外版 (EU:C:2024:535). The reference to a “public authority” within the definition of “controller” in Article 4(7) GDPR was capable of including the Petitions Committee of the State Parliament, and the CJEU noted that there was no exception in Article 23 for legislative bodies. 国外ip地址伕理
Public Authorities under the EIR: Fishing for Clarity
July 3rd, 2024 by Christopher KnightIs a private registered provider of social housing, a housing association, a public authority within the meaning of the Environmental Information Regulations 2004 and the Fish Legal line of authority (on which see here re the CJEU and here re the UT)? In Information Commissioner v Poplar Housing Association and Regeneration Community Association [2024] UKUT 182 (AAC) (ICO v Poplar Housing), Farbey J (CP) agreed with the First-tier Tribunal that it was not. Read more »