In light of the new social media guidance the BBC imposed on its own employees, employers should be carefully considering whether or not their own social media policy sufficiently protects their interests....
Following extensive consultation that began in December 2019, the Information Commissioner’s Office (ICO) has finally published their updated guidance on the Right of Access, namely the ability for an individual to submit a Data Subject Access Request (DSAR) to a processor of their personal data. ...
Following an investigation by the Data Protection Authority of Hamburg, fashion retailer H&M has been fined the equivalent of £32.1m for illegally monitoring of its employees....
The Court of Appeal recently handed down its decision in the case of R v Bridges [2020] EWCA Civ 1058, the first case of its kind in the world dealing with law enforcement use of live facial recognition. ...
The CJEU yesterday handed down its long awaited decision on questions put to it regarding Data Protection ...
Increasingly, the information we need and use every day is stored, accessed and controlled online. We have become accustomed to the convenience and efficiency of being able to access significant swathes of information about ourselves, our business and the world at the tap of a button. ...
It has been some months since the High Court delivered its judgment in R v Bridges concerning the use by South Wales police (SWP) of live facial recognition (LFR) in a public place. For further details see our case analysis here. (link) The claimant has since appealed the decision in the Court of Appeal and the SWP is still under investigation by the Information Commissioners Office (ICO)....
Despite the consultation period for their draft Right of Access Guidance remaining open until the 12th February, the Information Commissioner’s Office (the “ICO”) has amended its published guidance on the timescales for Data Subject Access Request (“DSAR”) compliance. ...
Amidst the hype of the GDPR in 2018, one other area of data protection reform progressed relatively under the radar – the ePrivacy Regulation. Surprising given the potential impact this could have on an organisations’ marketing practices....
Advocate General, Henrik Saugmandsgaard Øe of the Court of Justice of the European Union (CJEU) has just handed down his opinion in response to a referral by the High Court of Ireland for preliminary rulings of law. The High Court case in question related to complaints made by Max Schrems against Facebook Ireland and Facebook Inc concerning the transfer of Mr Schrems' personal data to the United States (U.S)....
The Information Commissioner’s Office (ICO) has launched a consultation to invite views from the public on its new guidance for subject access requests....
The GDPR increased the fines available to EU supervisory authorities for breaches of data protection requirements. Now, as we celebrate the GDPR’s 18-month birthday, it’s a good opportunity to take a look at some of the largest fines imposed to date and where in the EU we are seeing these....
Data protection has been a hot topic since the introduction of the GDPR in May 2018, so what can we expect from the main political parties after the general election in December? We have taken a look at their manifestos…...
There are some types of special category data under the GDPR that attract a higher level of protection given their sensitive nature....
The Court of Justice of the European Union (‘CJEU’) has just handed down its ruling on questions of consent for the use of cookies in Bundesverband der Verbraucherzentralen und Verbraucherverbände – Veerbracherzentrale Bundesverband eV v Planet49 GmbH (“Planet 49 case”)....
Live facial recognition technology or automatic facial recognition (AFR) adds another dimension to CCTV monitoring and other surveillance methods. Using biometrics (certain physical and physiological features), the technology can map facial features to identify particular individuals by matching these with a database of known faces. ...
We are almost 18 months on from the implementation of the GDPR on 25 May 2018 and there have been a wealth of surveys reflecting on how well (or not) organisations have done in meeting the new requirements. ...
On 4 September 2019 the world’s first decision regarding the privacy implications of facial recognition was handed down by the High Court in Cardiff. The implications of the case were of such significance that both the Information Commissioner and Surveillance Camera Commissioner joined as Interveners. ...
You are walking along a side street towards your office. Unbeknown to you a private company has installed closed circuit television with facial recognition capabilities and is tracking your movements. Is this lawful?...
The ICO has updated its guidance on the timeframe for compliance with subject access requests. ...