24 July 2018
Joint data controllers – yet more data protection uncertainty
In two recent decisions the CJEU has adopted a maximalist, and probably to many people a counter-intuitive, approach to the issue of the identification of joint data controllers – the effect the decisions is that a body can be a joint data controller of personal data even through it has no access to, and no right of access to, the personal data in question. Both cases were decided under pre-GDPR law, but changes introduced by the GDPR mean that they are likely to have a significant impact.
10 July 2018
Some welcomed guidance for data controllers: Court of Appeal confirms the correct test to be applied when considering a SAR concerning mixed data
Mixed data cases present a particular challenge for data controllers and, as Adam Chapman noted in his previous commentary of this case in the High Court, “in ‘three way’ cases such as these, the data controller is likely to be challenged irrespective of the decision they take”.
9 July 2018
Incompatible with equality? The Supreme Court rules in favour of civil partnerships for all
The Supreme Court has ruled that legislation stating that only same sex couples can enter into a civil partnership is not compatible with its human rights law obligations.
15 June 2018
GDPR: The significance of the new principle of accountability
The GDPR has introduced a new accountability principle: the data controller “shall be responsible for, and be able to demonstrate compliance, with” each of the six principles of the GDPR. For a principle summarised in 10 words, there is a significant amount of work required by organisations to ensure accountability. And there may be significant consequences if this work is not undertaken.
29 May 2018
The ICO’s Regulatory Action Policy: What to expect in the new GDPR era
The Information Commissioner’s Office (ICO) has begun consulting on a new Regulatory Action Policy (“the Policy”). This new policy is intended to provide “direction and focus” for those the ICO regulates, the public and its staff - and therefore demands careful consideration by anyone concerned about regulatory action within this new GDPR era. Critically, the Policy reiterates the ICO’s commitment to a balanced approach to regulation by creating an environment in which data subjects are protected whilst business is able to operate and innovate efficiently: