Information Commissioners Office

On July 30, 2021, the UK High Court handed down its judgment in the case of Warren v DSG Retail Ltd [2021] EWHC 2168 (QB), determining that the claimant could not seek damages on the basis of misuse of personal information, breach of confidence or common law negligence following a data breach.
Continue Reading UK High Court Dismisses Claims Following DSG Data Breach

On June 29, 2021, the UK Department for Digital, Culture, Media and Sport (“DCMS”) published guidance for businesses on child online safety, which includes guidance on data protection and privacy, age-appropriate content, positive user interactions, and protecting children from online sexual exploitation and abuse.

Continue Reading DCMS and ICO Publish Guidance on Protecting Children Online

On June 4, 2021, the European Commission published the final version of the implementing decision on standard contractual clauses for transfers of personal data to third countries under the EU General Data Protection Regulation, as well as the final version of the new standard contractual clauses.
Continue Reading European Commission Publishes Final Version of Updated Standard Contractual Clauses

On April 9, 2021, the First-Tier Tribunal of the General Regulatory Chamber stayed proceedings in Ticketmaster UK Limited’s (“Ticketmaster’s”) appeal against a fine issued by the UK Information Commissioner’s Office (“ICO”) until 28 days after a judgment in civil litigation brought by 795 customers against Ticketmaster. The group action, which relates to the breach for which Ticketmaster was fined by the ICO, is currently before the High Court in England. As a result of the stay in proceedings, the appeal likely will not be heard before the Tribunal until mid to late 2023.

Continue Reading Ticketmaster Appeal of ICO Fine Stayed by UK Tribunal Until 2023

The Centre for Information Policy Leadership at Hunton Andrews Kurth has submitted its comments on the Irish Data Protection Commissioner’s draft guidance on the safeguarding of the personal data of children when providing online services.
Continue Reading CIPL Submits Comments on Irish DPC’s Guidance on Safeguarding Personal Data of Children

The Secretary of State for Digital, Culture, Media & Sport has signed a Memorandum of Understanding with the UK Information Commissioner’s Office in relation to new UK adequacy assessments following the UK’s departure from the European Union. The Memorandum of Understanding sets out how DCMS and third countries will negotiate adequacy decisions, referred to under the Memorandum of Understanding as “adequacy regulations”.
Continue Reading UK Government and ICO Agree on Procedure for Future Adequacy Decisions

On January 19, 2021, the UK Information Commissioner’s Office published its analysis of the application of the UK General Data Protection Regulation to transfers from UK-based firms or branches that are registered, required to be registered or otherwise regulated by the U.S. Securities and Exchange Commission.
Continue Reading ICO Confirms UK Firms May Rely on Public Interest Derogation for SEC Transfers

On December 24, 2020, the European Union and the United Kingdom reached an agreement in principle on the historic EU-UK Trade and Cooperation Agreement. For data protection purposes, there is a further transition period of up to six months to enable the European Commission to complete its adequacy assessment of the UK’s data protection laws. For the time being, personal data can continue to be exported from the EU to the UK without implementing additional safeguards.
Continue Reading EU-UK Trade Deal: What It Means For Post-Brexit Data Flows