A Data Processing Agreement (DPA) confirms the terms on which one party (the ‘processor’) processes personal data provided or made available by another party (the ‘controller’). Examples of data processing include arrangements where an organisation provides details of its employees and their remuneration packages to a payroll services provider, or provides lists of its clients’ […]
Read more »29/12/20 – Prior to the announcement of the EU-UK Trade and Cooperation Agreement [1], I was having to explain to a client that it was looking increasing likely that, from 1st January 2021, transfers of personal data from organisations located in EEA countries to the UK would no longer be lawful.
Read more »19/11/20 – By way of background, transfers of EU citizens’ personal data to locations outside the European Economic Area (EEA) require a GDPR-permitted transfer mechanism.
Read more »Ok, let’s start with the basics. What is ‘special category data’? Article 9 of the GDPR (as incorporated into UK law, and amended) (“UK GDPR”) defines special category data as: Personal data revealing: racial or ethnic origin political opinions religious or philosophical beliefs trade union membership. Data concerning: health a person’s sex life a person’s […]
Read more »21/09/20 – On 2 September 2020, the European Data Protection Board (EDPB) adopted ‘Guidelines 07/2020 on the concepts of controller and processor in the GDPR’. The Guidelines deal with the principles underpinning the differences between controllers and processors, and also delve into the more esoteric world of joint controllers.
Read more »23/07/20 – If you, as a ‘data exporter’, want to transfer personal data to a country outside the EEA (and which is not one of the 12 countries that have been granted an adequacy decision by the European Commission), then you need to use one of the GDPR-approved ‘transfer mechanisms’.
Read more »13/07/20 – The EU Platform to Business Regulation (the ‘P2B Regulation’) came into effect on 12 July 2020. The P2B Regulation applies to all online platforms and search engines which provide services to business users in the EU, where those business users offer goods or services to consumers in the EU.
Read more »12/03/20 – The UK government has issued a Statement in response to the Law Commission’s report on Electronic execution of documents. My article on the Law Commission’s report can be accessed here. Key takeaways from the government’s Statement: The government agrees with the report’s conclusion that businesses and individuals can feel confident in using e-signatures […]
Read more »10/02/20 – In AA v Persons Unknown [2019], the Commercial Court confirmed that cryptoassets such as Bitcoin can constitute property under English law, and are therefore capable of being subject to a proprietary injunction (i.e. a court order which prevents the defendant from dealing with the relevant property). The judgment refers extensively, and gives considerable […]
Read more »04/12/19 – Prompted by a perceived need to provide legal certainty and market confidence in distributed ledger technology (DLT) and smart contracts, the UK Jurisdiction Taskforce (part of the LawTech Delivery Panel) published a Legal Statement on the Status of Cryptoassets and Smart Contracts on 18 November 2019. The Statement follows on from a consultation launched […]
Read more »