Data Protection Actions in England & Wales
From 1 October 2019, all new data protection actions in England & Wales will be issued in the Media and Communications List of the High Court, and be subject to new pre-action protocols. These protocols (of course) include an expectation that Alternative Dispute Resolution has been considered. Here is the Pre-Action Protocol
Amazon’s Ring and its use of video and audio recordings – a warning
Ring is being criticised for its tie-up with US law enforcement and how that tie-up facilitates the use in crime detection of the video stream captured by Ring devices. However, this raises questions under the GDPR for Ring in the EU. First up: Ring claims in their privacy notice: “You are the data controller with respect to personal information you obtain when using our […]
CervicalCheck Ireland’s IT Issue – Did anyone mention personal data breach?
A serious question in respect of the most recent issues within Ireland’s CervicalCheckscreening service, is whether the “IT problems” at Quest Diagnostics, and their consequences for some 800 women, amounted to a personal data breach under Regulation (EU) 2016/679 (otherwise known as the GDPR). It is serious because, if it was a personal data breach, then the HSE were obliged to […]
Data Protection and InfoSec – Two disciplines, one intersection
At today’s Dublin’s TechConnect conference, I had the opportunity to present my arguments as to why information security and data protection must be considered as two separate disciplines, regardless of the overlap between them. You can obtain a copy of my presentation here, but let me summarise the main points: Defining information security and data protection I have adopted the following […]
SARs: are your systems up to it?
In 2002-2003 an outbreak of SARS (severe acute respiratory syndrome) in southern China justifiably sparked fears of a global pandemic. Perhaps with some irony, SAR is also the acronym often used for denoting a “subject access request” under data protection legislation, where a data subject asks a data controller for copies of his or her […]
