6 August 2018
R(Gallaher) v Competition and Markets Authority and the Search for the Principle of Equal Treatment
The Supreme Court in R (o.t.a. Gallaher et al) v. Competition and Markets Authority [2018] UKSC 25 dealt with concepts at the core of UK public law, finding that there are no freestanding principles of fairness and equal treatment, and re-examining the grounds on which judicial review can be brought.
6 August 2018
Data Protection Act 2018 and law enforcement: an introduction
Two months ago, the introduction of the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018 (“DPA”) significantly changed our data protection landscape (see our related blogs). Reference to “GDPR” became a daily occurrence in shops and offices, and received daily attention on social media and in the press.
27 July 2018
Data breach reporting – the only way is up
The Information Commissioner’s recently published Annual Report for 2017/18 reveals a substantial – 29% - increase in the number of self- reported data breaches. In light of the fact that the GDPR introduced new mandatory reporting of serious breaches, it is to be anticipated that the 2018/19 Annual Report will show an even greater increase.
24 July 2018
Joint data controllers – yet more data protection uncertainty
In two recent decisions the CJEU has adopted a maximalist, and probably to many people a counter-intuitive, approach to the issue of the identification of joint data controllers – the effect the decisions is that a body can be a joint data controller of personal data even through it has no access to, and no right of access to, the personal data in question. Both cases were decided under pre-GDPR law, but changes introduced by the GDPR mean that they are likely to have a significant impact.
10 July 2018
Some welcomed guidance for data controllers: Court of Appeal confirms the correct test to be applied when considering a SAR concerning mixed data
Mixed data cases present a particular challenge for data controllers and, as Adam Chapman noted in his previous commentary of this case in the High Court, “in ‘three way’ cases such as these, the data controller is likely to be challenged irrespective of the decision they take”.