On August 11, 2020, the Court of Appeal of England and Wales overturned the High Court’s dismissal of a challenge to South Wales Police’s use of Automated Facial Recognition technology, finding that its use was unlawful and violated human rights.
Continue Reading UK Court of Appeal Finds Automated Facial Recognition Technology Unlawful in Bridges v South Wales Police

On January 8, 2020, the Information Commissioner’s Office (“ICO”) launched a consultation on its draft direct marketing code of practice (the “Draft Code”), as required by section 122 of the Data Protection Act 2018 (“DPA 18”). The Draft Code is open for public consultation until March 4, 2020.
Continue Reading ICO Publishes Draft Direct Marketing Code of Practice for Consultation

On October 2, 2019, the UK Court of Appeal handed down its judgment on the appeal in Richard Lloyd v. Google LLC, in which Richard Lloyd, a consumer protection advocate, seeks to bring a representative action on behalf of four million Apple iPhone users against Google LLC in the United States. Previously, the High Court had refused to grant permission for the proceedings to be served outside the UK. The Court of Appeal reversed the High Court’s judgment, granting permission for service outside the UK and allowing the representative action to proceed. The judgment is significant as it paves the way for representative actions (equivalent to class actions) for data protection infringements in the UK.

Continue Reading UK Court of Appeal Permits Activist to Proceed with Claim for Damages Against Google

On September 4, 2019, the High Court of England and Wales dismissed a challenge against South Wales Police’s use of Automated Facial Recognition technology, determining that the police’s use of AFR had been necessary and proportionate to achieve their statutory obligations.
Continue Reading High Court Dismisses Challenge to Police Use of Facial Recognition Technology

On April 15, 2019, the UK Information Commissioner’s Office issued for public consultation a draft code of practice that, once in effect, will regulate the provision of online services likely to be accessed by children in the UK. This blog entry provides an overview of the draft code.
Continue Reading Age Appropriate Design: ICO Issues Draft Code of Practice for Online Services Used by Children

On April 17, 2019, the Dutch Data Protection Authority issued six recommendations for companies, to be taken into account when drafting privacy policies. This blog entry provides an overview of the recommendations as well as the investigation which preceded their issuance.
Continue Reading Dutch DPA Issues Guidelines on Privacy Policies Following Investigation