News

Grafitti of a surveillance camera on a concrete wall with the text 'for your safety & our curiosity'.
Court Decision on European Mass Surveillance and the Consequences for Brexit

As a member of the European Union, member states are obliged to abide by some of the strictest privacy laws in the world. Today, UK, French and Belgian national governments all use some form of mass surveillance. In recent years, privacy groups have taken claims to EU courts arguing that this surveillance is illegal. The national governments disagree. The CJEU refuted the claims that mass surveillance is outside their jurisdiction and issued a ruling on the 6th October 2020.

Read article
Photo of a shop window with a sign stating that the shop is closed due to covid-19.
Data Protection Guidance for Test and Trace Schemes

Since the easing of lockdown, during the summer of 2020, many organisations have implemented new measures so that they can re-open safely to the public. For most businesses, this included collecting customers’ and visitors’ personal information to support the UK Government’s approved contact tracing scheme.

Read article
A computer screen in a dark room. The screen shows a man looking through binoculars. The binocular lens' have the facebook logo photoshopped in.
A Timeline of US Mass Surveillance, International Privacy Agreements, and a Disgruntled Austrian

On the 16th July 2020, the CJEU came to a decision on the Schrems II case. The decision invalidated a major EU-US privacy agreement that previously allowed personal data to freely flow between the EU and the US. This court case is the latest chapter in an ongoing saga of privacy activists, commercial selling of ‘big data’ and revelations made by whistle blower Edward Snowden. This article gives a brief timeline of the events leading up to this case.

Read article
A person working at a laptop.
Is your use of website cookies currently lawful?

If you have not reviewed your cookie policy since October of 2019, it may not be. Many large corporations appear to be ignorant of a ruling (case C-673/17 - Planet49) that was made by the Court of Justice of the European Union (CJEU). The ruling clarifies how cookies should be managed and the subsequent impact on cookie statements. Indeed, many corporations appear to be breaking the law, even 7 months after the ruling.

Read article
A computer screen with a collection of coding related text.
Have I been Pwnd? A Database of Data Breaches

The GDPR was introduced to provide EU citizens with greater protections and control over their personal data. It achieved this by introducing new rights for individuals and by imposing stricter data protection requirements on organisations. But what happens if your personal data was part of a data breach before the GDPR was introduced?

Read article
Two people shaking hands
Data Sharing Agreements: What is the Best Practice?

The ICO states that ‘…whenever a controller uses a processor, there must be a written contract (or other legal act) in place...’ The GDPR sets out what needs to be included in the contract. But what happens if you are a controller sharing data with another controller? You need a Data Sharing Agreement.

Read article
A judge's hammer and gavel.
Are Privacy Notices Just About the GDPR?

Every company has been focused on ensuring their privacy notices are compliant for GDPR, however there could be a blind spot. The GDPR may be the strongest privacy regulation in the world, but it isn’t the only one. For example, when your website uses cookies, your organisation must ensure that the Privacy and Electronic Communications…

Read article