At the beginning of a new year, we are looking ahead to five key technology trends in the EMEA region that are likely to impact businesses in 2023.Continue Reading Top Five EMEA Technology Trends to Watch in 2023
UK Supreme Court Rules That Supermarket Is Not Vicariously Liable For Data Breach Committed By Employee
On 1 April 2020, the UK Supreme Court handed down its ruling in WM Morrison Supermarkets plc v Various Claimants [2020] UKSC 12. The Court ruled that Morrisons was not vicariously liable for a data breach deliberately perpetrated by an employee. The judgment is significant in that it overturned the decisions of the two lower courts (the High Court and Court of Appeal) and provides guidance for employers on when they may be held vicariously liable for data breaches and other violations of the GDPR involving employees, who act as independent controllers in their own right.
Continue Reading UK Supreme Court Rules That Supermarket Is Not Vicariously Liable For Data Breach Committed By Employee
ICO Publishes New Guidance On Encryption
On March 3, 2016, the UK’s Information Commissioner’s Office (“ICO”) released new guidance on encryption. The guidance aims to provide advice to organizations on protecting personal data (such as customer and employee data) through the use of encryption. There is no legally-binding requirement under UK data protection law to encrypt
Continue Reading ICO Publishes New Guidance On Encryption
Debate in the European Parliament’s LIBE Committee on the Schrems ruling
On October 12, 2015, the European Parliament’s Civil Liberties, Justice and Home Affairs (“LIBE”) Committee held a debate to discuss the aftermath of the ruling of the Court of Justice of the European Union (“CJEU”) ruling in Case C-362/14 Maximillian Schrems v Data Protection Commissioner (see summary of the ruling here and summary of the Advocate-General’s Opinion here). The debate was chaired by the LIBE Committee Chair, Claude Moraes, and started with a presentation from the European Parliament’s Legal Service. The Legal Service provided a summary of the CJEU’s decision, and set out the following points:
- The ruling confirms the importance of the EU Charter of Fundamental Rights in protecting EU citizens, and the fact that all EU laws must comply with the Charter. In this case, the Charter rights invoked included the right of all EU citizens to privacy and the right to an effective judicial remedy. It can be concluded from the CJEU’s ruling that the Data Protection Directive 95/46/EC does comply with the Charter.
- Both the Charter of Fundamental Rights and the Data Protection Directive 95/46/EC provide a high level of protection to EU citizens’ personal data, whether the data are situated inside or outside the EU. This means that a third country can only be considered to provide “adequate” protection to EU citizens’ personal data when that country itself has strong data protection laws. The protection provided in a third country need not be identical, but must provide an “essentially equivalent” protection to that guaranteed under EU law.
- Legislation, whether in the EU or the U.S., cannot legitimately authorize mass or generalized surveillance of EU citizens’ data.
- The power of local data protection authorities (“DPAs”) to investigate data protection breaches cannot be restricted by the Commission.
Continue Reading Debate in the European Parliament’s LIBE Committee on the Schrems ruling