Welcome to the August and September edition of our UK data protection bulletin.
For more information on the recent Schrems decision which invalidated Safe Harbor as a mechanism by which companies can transfer data from the EEA to the US, please find our full article here and our complimentary webinar here. The CJEU also released its decision in Weltimmo on applicable laws and powers of DPAs. Aside from Schrems and Weltimmo, recent months have seen a number of significant developments in UK data protection. These include:
- the first enforcement notice issued by ICO requiring Google to delist search results considered to be in breach of the 'right to be forgotten';
- the publication by the ICO of its analysis of the common position on the GDPR adopted by the EU Justice and Home Affairs Council in June;
- a series of interesting cases in relation to the scope of subject access requests;
- high levels of ICO enforcement activity against organisations involved in cold calling and marketing in breach of PECR and against data controllers that fail to implement adequate technical and organisation measures to protect personal data.
We would also like to welcome leading data protection and cyber risk lawyer James Mullock as a partner in our International Privacy & Data Protection Group. With previous clients spread across the Tech & Comms, Financial Services, Retail and Energy and Utilities sectors, he will continue to maintain a varied practice, albeit with a strengthened data protection focus.
Ruth Boardman, Co-Head of our International Privacy & Data Protection group, said,"We are delighted to welcome James to Bird & Bird. His sector-specific expertise, particularly in advising on complex TMT and outsourcing transactions, will help us proactively develop data protection opportunities with our clients, as we continue to grow our data protection practice internationally." James said, "I am very excited to be joining the Bird & Bird team and to be able to contribute to the further growth of the International Privacy & Data Protection Group. The next 5 years will see huge developments in data and cyber laws, and risks in this area are now very much front of mind for organisations in every sector and geography."
View the full Bulletin (PDF) >