Putting children at the centre: is re-designing the digital environment possible? – Mariya Stoilova and Sonia Livingstone

23 06 2019

Children (and adults alike) seem to be ‘playing tag’ with a sophisticated and fast-changing digital environment whose privacy parameters are hard to define and consequences even harder to predict. Read the rest of this entry »





Data Protection: ICO reports on Adtech and Real Time Bidding, finds that data protection laws are being ignored

22 06 2019

On 20 June 2019 the Information Commissioner’s Office published its Update Report into Adtech and Real Time Bidding [pdf] dealing with the use of personal data the real time bidding (“RTB”) process in online advertising. Read the rest of this entry »





GDPR: The digital age of consent, one year on – Alex Cooney

24 05 2019

This Saturday, 25 May, will be the one year anniversary of Europe’s General Data Protection Regulation (GDPR) coming into force. Alex Cooney, CEO of CyberSafeIreland, a non-profit working to empower children, parents and teachers to navigate the online world in a safe and responsible manner, discusses the impact of the regulation on children, particularly the GDPR’s requirement for a digital age of consent. Read the rest of this entry »





Case Law: Rudd v Bridle, Asbestos industry advisor ordered to answer physician’s subject access requests – Hugh Tomlinson QC

9 05 2019

In Rudd v Bridle [2019] EWHC 893 (QB), Warby J tried a number of issues arising out of a data subject access request (“DSAR”) under s.7 of the Data Protection Act 1998 (“the DPA 1998”). He held that information provided to the Claimant was inadequate, rejected the Defendant’s entitlement to rely on three claimed exemptions and ordered him to provide the Claimant with further information. Read the rest of this entry »





News: Supreme Court grants permission to appeal in the Morrisons mass data breach case

3 05 2019

On 15 April 2019, the UK Supreme Court granted permission to appeal in the data protection group action case of Various Claimants v W M Morrison Supermarkets.  The Court of Appeal ([2018] EWCA Civ 2339) had upheld the Judge’s ruling that Morrisons was vicariously liable for its employee’s data breach. Read the rest of this entry »





74 screens of legalese don’t protect your data: here’s a blueprint for new laws that could make a difference – Fred H Cate

20 04 2019

File 20190409 2912 1wuiuu0.jpg?ixlib=rb 1.1All over the world, government officials are trying to figure out how to craft laws and regulations about privacy – especially for digital data and online activity. The European Union’s General Data Protection Regulation took effect in May 2018; about a month later, California’s new Consumer Privacy Act did too. Both impose stringent new legal requirements on organizations that collect and use personal data. Read the rest of this entry »





Twins separated at birth: The re-convergence of data protection and freedom of information – Perry Keller

23 02 2019

The governance of decision-making algorithms is now a pressing issue across many fields of law and policy. Yet, given the technical opacity of advanced data analytics, finding ways to ensure meaningful transparency and sustainable accountability is currently, at best, a work in progress. Read the rest of this entry »





European Data Protection and Freedom of Expression After Buivids: An Increasingly Significant Tension, Part Two. The Analysis – David Erdos

22 02 2019

The outcome in Buivids draws significantly on long-standing CJEU jurisprudence.  Thus, as far back as 2003, Lindqvist had already stressed the broad material applicability of data protection in an online publishing context and also argued that the personal/household exemption was not applicable where “data are made accessible to an indefinite number of people” (at [47]). Read the rest of this entry »





European Data Protection and Freedom of Expression After Buivids: An Increasingly Significant Tension, Part One. The Decision – David Erdos

21 02 2019

On 14 February 2019 the Court of Justice of the European Union (CJEU) handed down its decision in Buivids, a case which pitted an amateur individual online publisher against the Latvian Data Protection Authority (DPA). Read the rest of this entry »





Social media doesn’t need new regulations to make the internet safer: GDPR can do the job – Eerke Boiten

16 02 2019

From concerns about data sharing to the hosting of harmful content, every week seems to bring more clamour for new laws to regulate the technology giants and make the internet “safer”. But what if our existing data protection laws, at least in Europe, could achieve most of the job? Read the rest of this entry »