Case Law: WM Morrison v Various Claimants, Supermarket not vicariously liable for mass data breach of employee – Ashley Hurst and Philip Kemp

2 04 2020

In its judgment in the case of WM Morrison Supermarkets plc v Various Claimants ([2020] UKSC 12) handed down on 1 April 2020, the Supreme Court reversed the decision of the Court of Appeal and found that Morrisons was not vicariously liable for a rogue employee who posted payroll data of 100,000 other employees on a file-sharing website. Read the rest of this entry »





Coronavirus pandemic has unleashed a wave of cyber attacks: here’s how to protect yourself – Chaminda Hewage

1 04 2020

While most of the world is trying to deal with the COVID-19 pandemic, it seems hackers are not on lockdown. Cyber criminals are trying to leverage the emergency by sending out “phishing” attacks that lure internet users to click on malicious links or files. This can allow the hackers to steal sensitive data or even take control of a user’s device and use it to direct further attacks. Read the rest of this entry »





Society’s dependence on the internet: 5 cyber issues the coronavirus lays bare – Laura DeNardis and Jennifer Daskal

29 03 2020

As more and more U.S. schools and businesses shutter their doors, the rapidly evolving coronavirus pandemic is helping to expose society’s dependence – good and bad – on the digital world. Read the rest of this entry »





Life in the time of CoronaVirus #1: Democracy, Data and Saving Lives – Valerie Eliot Smith

27 03 2020

Planet Earth is currently in the grip of a pandemic, the disease COVID-19, more commonly known as CoronaVirus. The ongoing emergency is creating – and will continue to create – events which are without precedent in modern times. Read the rest of this entry »





News: Supreme Court grants permission to appeal in Lloyd v Google LLC

11 03 2020

The Supreme Court (Lords Wilson, Briggs and Kitchin) has today granted Google LLC permission to appeal against the order of the Court of Appeal in the case of Lloyd v Google LLC ([2019] EWCA Civ 1599) granting the representative claimant permission serve a representative claim out of the jurisdiction. Read the rest of this entry »





Compensation for non-material damage pursuant to Article 82 GDPR – Eoin O’Dell

10 03 2020

The General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 [the GDPR]) provides both for public enforcement by data protection authorities and for private enforcement by any person who has suffered damage as a result of an infringement of the Regulation (on this inter-connection, see Johanna Chamberlain & Jane Reichel “The Relationship Between Damages and Administrative Fines in the EU General Data Protection Regulation” 89 Mississippi Law Journal (forthcoming 2020; SSRN)). Read the rest of this entry »





Google wants to move UK users’ data to the US: what does that mean for your rights? – Henry Pearce

6 03 2020

It was recently reported that Google was planning to move the personal data of its UK users out of the EU and into the US. Several outlets reporting on this story have suggested that this would mean that, as Britain has left the EU, the data would no longer be covered by the EU’s world-leading data protection law, the GDPR. Read the rest of this entry »





Facial recognition is spreading faster than you realise – Garfield Benjamin

1 03 2020

The UK is currently witnessing a tug of war over facial recognition. On the streets of London and in South Wales, live systems have been deployed by the police, supported by the UK government. But in the Scottish parliament, the Justice Sub-Committee on Policing is trying to halt use of the technology. Read the rest of this entry »





Online Harms White Paper: The Government’s Initial Consultation Response – Cathryn Hopkins and Dan Tench

14 02 2020

On 12 February 2020 the Government published its initial response (the “Response”) to last year’s Online Harms White Paper consultation. The Response leaves many issues concerning the regulatory and legislative structure yet to be decided (such as funding and enforcement powers), with the final policy to be published by the Government in the spring. Read the rest of this entry »





The European Data Protection Board’s Draft Guidelines for Search Engines and the Future of the ‘Right to be Forgotten’ Online, Part 2 – David Erdos

13 02 2020

This is the second part of a post dealing with the European Data Protection Board (EDPB)’s draft guidelines on the right to be forgotten.  Part (1) dealt with the scope of the guidance and of ex post rights vis-à-vis search engines.  This post will deal with (2) the substantive grounds for exercising these ex post rights, and (3) the substantive exemptions from these ex post rights. Read the rest of this entry »