On August 11, 2021, the UK Information Commissioner’s Office launched a consultation on its draft international data transfer agreement and guidance for organizations on international transfers. Once finalized, the agreement will replace the existing EU Standard Contractual Clauses in the UK.
Continue Reading Update: International Data Transfer Agreement and Addendum Replace SCCs

On December 20, 2021, the UK Information Commissioner’s Office (“ICO”) launched a public consultation on its regulatory approach. The consultation involves three separate documents – the ICO’s Regulatory Action Policy (“RAP”), Statutory Guidance on the ICO’s Regulatory Action, and Statutory Guidance on the ICO’s PECR Powers. The RAP sets forth the ICO’s risk-based approach to regulatory action and explains the factors the ICO considers before taking regulatory action, how the ICO works with other regulators, and enforces the legislation for which it is responsible. Together, the three documents illustrate how the ICO aims to enforce information rights for data subjects in the UK.

Continue Reading UK ICO Consults on Regulatory Action Policy

On November 10, 2021, the UK Supreme Court issued its long-awaited judgment in the Lloyd v Google case. The decision is expected to make it difficult in practice for a future class action lawsuit that is brought on behalf of a class of individuals who have not actively opted in to being represented by the lead claimant to proceed under UK law.
Continue Reading Lloyd Court Says No to Class Action-Style Lawsuits in the UK

On October 12, 2021, the Oxford County Court determined that a homeowner had breached the Data Protection Act 2018 (“DPA”) and UK General Data Protection Regulation (“UK GDPR”) by using Ring security cameras around his property. In Dr Mary Fairhurst v Mr Jon Woodard, Fairhurst claimed harassment, nuisance and breach of UK data protection law based on her former neighbor, Woodard’s, use of security cameras and lights around his property. While the claim in nuisance failed, the judge found for the claimant on the claims of harassment and breach of data protection law.

Continue Reading UK Homeowner’s Use of Ring Security Camera Found to Infringe UK GDPR

On September 10, 2021, the UK Government Department for Digital, Culture, Media & Sport launched a consultation on its proposed reforms to the UK data protection regime to reflect DCMS’s effort to deliver on Mission 2 of the National Data Strategy. The consultation will close on November 19, 2021, and CIPL will consult with members to prepare a formal response to the consultation.
Continue Reading DCMS Consults on National Data Strategy

On August 12, 2021, the UK Information Commissioner’s Office (“ICO”) published a call for views on data protection and employment practices. The ICO intends to update its employment practices code and associated guidance, originally produced under the Data Protection Act 1998, which has now been replaced by the UK General Data Protection Regulation (“UK GDPR”) and Data Protection Act 2018 (“DPA 2018”). The ICO is requesting responses from large and small employers, workers, volunteers, trades unions, employment dispute resolution bodies, recruitment agencies, professional and trade bodies, and suppliers of employment technology solutions.

Continue Reading UK ICO Consults on Data Protection and Employment Practices