Surveillance Versus Privacy Rights: UK Court Rules Data Retention Legislation Unlawful

One year after the Data Retention and Investigatory Powers Act 2014 (“DRIPA”) received royal assent on 17 July 2014, the English High Court issued a landmark judgment in David & Ors v Secretary of State for the Home Department [2015] EWHC 2092 (Admin) declaring DRIPA to be unlawful.


ICO Bares Enforcement Teeth for Privacy Breaches

At the press conference for the launch of its Annual Report on 2 July, the UK Information Commissioner Christopher Graham highlighted the changing legislative landscape for the ICO’s regulatory powers against privacy breaches and put forward its proposals for the upcoming year.


The Final Stretch: Trilogue Commences Final Negotiations on EU Data Protection Regulation

Following the adoption of the EU Data Protection Regulation by the Council of Ministers last week, today saw the first meeting of the European Commission, European Parliament and Council of Ministers under what is known as the trilogue process, with the aim of negotiating the final wording of the Regulation.


Final Negotiations Set To Begin On EU Data Privacy Law

More than three years after the initial proposal for the EU Data Protection Regulation was published by the European Commission, it has been agreed by Europe’s Council of Ministers. The negotiations will now start between the commission, the European Parliament and the Council, in what is known as the “Trilogue” process, to agree the final text of the regulation, which is widely expected to be adopted by the end of 2015 or early 2016. The regulation, once adopted, will have a significant impact not only on EU companies but also on U.S. and other international companies that conduct business in the EU.


EU Begins Far-Reaching E-Commerce Sector Inquiry

Today, the European Commission sent out the first wave of more than 2,000 questionnaires it has said it will send to companies in connection with its recently-announced e-commerce sector inquiry. This marks the first stage in what is expected to be a far-reaching probe into a wide range of activities and business practices related to online selling in Europe.

The purpose of the sector inquiry is to examine current e-commerce business practices with a view to “breaking down online borders in the European Union.” The Commission will examine whether companies impose—via contract or through other practices—obligations that restrict the ability of merchants and consumers to buy and sell goods and services online across the EU.


One Step Closer to the EU Data Protection Regulation

This week we moved one step closer to the adoption of the proposed EU Data Protection Regulation with the agreement by the Council of Ministers on its proposals for the draft Regulation. The Regulation has been described as the most lobbied piece of European legislation in history and, once adopted, will have a significant impact on governments, businesses and individuals.


Google Inc. v. Vidal-Hall: Opening the Doors to EU Data Protection Litigation?

The English Court of Appeal has recently issued a landmark judgment against Google which could open the door to data privacy litigation in the EU.

The case concerned the collection by Google of Safari users’ browser information, allegedly without their knowledge or consent. In its opinion, the Court of Appeal held that four individuals who used Safari browsers can bring a claim for breach of privacy and that the damages claimed can include distress – even in circumstances where there is no financial loss, as this had been the intention of the EU’s Data Protection Directive. To reach this result, the Court relied on EU legal authorities to override and displace limitations on recovery under the UK Data Protection Act.


The Privacy, Data Protection and Cybersecurity Law Review

The first edition of The Privacy, Data Protection and Cybersecurity Law Review appears at a time of extraordinary policy change and practical challenge for this field of law and regulation. Several Sidley lawyers in the Privacy, Data Security and Information Law practice have contributed to this publication.

Editor’s Preface, Alan Charles Raul

  • Chapter 1, “European Union Overview,” William Long, Geraldine Scali and Alan Charles Raul
  • Chapter 2, “APEC Overview,” Catherine Valerio Barrad and Alan Charles Raul
  • Chapter 9, “Hong Kong,” Yuet Ming Tham and Joanne Mok
  • Chapter 12, “Japan,” Takahiro Nonaka
  • Chapter 16, “Singapore,” Yuet Ming Tham, Ijin Tan and Teena Zhang
  • Chapter 20, “United Kingdom,” William Long and Geraldine Scali
  • Chapter 21, “United States,” Alan Charles Raul, Tasha D Manoranjan and Vivek Mohan

UK Government launches new Cyber Essentials measures

In an era where cyber risk is almost daily news, governments have been working to develop tools to help businesses protect themselves against those who want to steal or misuse data.


European Court of Justice Finds ‘Right to be Forgotten’ and Compels Google to Remove Links to Lawful Information

A recent judgment of the highest court in the European Union announced that search engines within the court’s jurisdiction must respond to “right to be forgotten” requests. This authoritative interpretation of the existing data protection laws may create significant issues for Internet intermediaries and exacerbate the differences between the European privacy-based “right to be forgotten” and the United States’ free-speech based “right to remember.” This judgment will have a significant impact not only on search engine companies and publishers, but also on many other industries, including financial services and life sciences, that need to maintain data on individuals for legitimate business reasons, often for lengthy periods.