Corporate Compliance Insights

UK Resurrects Data Protection Reforms, EU Court Rules on GDPR in Civil Cases

Measure in Parliament aimed at providing clear, business-friendly framework

by Jonathan Armstrong and André Bywater
March 15, 2023
in Data Privacy

Recent courtroom and legislative action in Europe will likely have ripple effects around the world for companies subject to regulations like the UK and EU GDPR. Jonathan Armstrong and André Bywater of Cordery explore the developments.

Last year, the UK government introduced a legislative proposal to change the UK privacy/data protection regime (which essentially consists of UK GDPR, e-privacy rules and the Data Protection Act 2018). Parliamentary work on this draft legislation was then put on hold and the UK government has now reintroduced the draft legislation, with changes. 

The UK government says the bill is a “common-sense-led UK version of the EU’s GDPR [which] will reduce costs and burdens for British businesses and charities, remove barriers to international trade and cut the number of repetitive data collection pop-ups online.”

Purported benefits of the bill would include:

  • Creating a clear, business-friendly framework, reducing the paperwork organizations must provide to demonstrate compliance and enabling businesses to continue cross-border transfer mechanisms if they’re already compliant
  • Maintaining data adequacy with the EU and establishing wider international confidence in the UK’s data protection standards
  • Increasing public and business confidence in AI technologies by clarifying situations in which decision-making safeguards apply

Much of the bill overall seems to be about seeking to make clarifications. Certain clarifications may be welcome, given the difficulties in interpreting some aspects of the existing data protection regime. Whether the final legislation will deliver the claimed substantive changes, such as getting rid of so-called data protection representatives, or will in the end amount to a major tweaking exercise remains to be seen.

Whatever the final outcome, international organizations that have devoted much work, time and resources trying to ensure compliance with both the existing UK GDPR and EU GDPR may find that there is more work for them to do on the UK side of things.

EU GDPR case

A few days before the revised data protection bill was introduced in the UK’s House of Commons, the EU’s Court of Justice handed down a long-awaited judgment in a case relating to application of the EU’s GDPR in the civil court system. The case has some important principles for anyone involved in producing documents to a court which include personal data.

In simple terms, the case was a construction dispute. A contractor, Norra Stockholm Bygg, sued for the work done on a building project. The customer, Per Nycander, argued that the contractor’s staff had not worked the hours claimed on the project. It asked the Swedish court for an order that a third-party processor, Entral, which managed timekeeping for the contractor, provide the records either unredacted or with the personal identity number redacted.

Norra Stockholm Bygg argued that the records — including employees’ names, identity numbers and clock-in and clock-out times — were mainly collected for tax auditing purposes, and so it refused to provide the records, saying that the interests of its employees outweighed the interest of allowing access to the records for their possible evidential value in the dispute.

The court hearing the case ordered Entral to produce the records unredacted, and that decision was appealed right up to the Swedish Supreme Court, which determined that there was an important matter of EU law to consider and so it referred this aspect of the case to the ECJ for a ruling. Since the case was felt to be of special importance, the ECJ also heard observations from lawyers representing the European Commission, Sweden, the Czech Republic and Poland. 

Ultimately, the ECJ decided that an individual’s data protection rights must be taken into account when courts consider requesting documents for disclosure in civil cases. The Swedish court will now take the ECJ’s judgment into account when ruling on the case.

In assessing whether documents containing personal data are ordered for disclosure, courts must balance the interests of individuals with the circumstances and type of the case in question and with the data protection law principles of proportionality and data minimization that are set out in GDPR Article 5.

Courts have previously been sanctioned under GDPR for their breaches — for example, in January 2023 the Polish DPA fined the Szczecin District Court for its failure to meet its obligations as a data controller.  The prospect of courts being sanctioned may well be a concern to some courts and judges, especially those in the U.S., where some courts have not shown too much concern about the GDPR implications for the parties. Having the court possibly be subject to sanction in the EU may give greater cause for concern.

Is pseudonymisation difficult? Yes, the process of pseudonymisation is often difficult to achieve in practice. It is important to note that pseudonymisation will not take the data outside the protection of GDPR, but it may provide some protection to the individuals involved. Pseudonymisation may include redacting the employees’ names, although in practice more steps will usually need to be taken to reduce the chances of an employee being identified. For example, if there was only one employee working on site on a particular day, redacting their name will still leave them identifiable.
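The single-employee problem described above can be checked mechanically before records are produced. The following is an added example, not part of the original article: it replaces names and identity numbers in timekeeping records with a keyed token and then flags any site and day on which fewer than k distinct workers appear. The field names, sample records, key handling and threshold k are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample timekeeping records (not taken from the case).
RECORDS = [
    {"name": "A. Berg", "id_no": "ID-0001", "site": "S1",
     "date": "2021-03-01", "in": "07:00", "out": "16:00"},
    {"name": "C. Lind", "id_no": "ID-0002", "site": "S1",
     "date": "2021-03-01", "in": "07:30", "out": "15:30"},
    {"name": "A. Berg", "id_no": "ID-0001", "site": "S1",
     "date": "2021-03-02", "in": "07:00", "out": "12:00"},
]


def pseudonymise(records, key):
    """Drop direct identifiers and add a keyed token per worker.

    The token is stable for one key, so hours per worker can still be
    totalled, but it cannot be recomputed without the key. The output is
    still personal data: whoever holds the key can re-link it.
    """
    rows = []
    for rec in records:
        digest = hmac.new(key, rec["id_no"].encode(), hashlib.sha256)
        row = {k: v for k, v in rec.items() if k not in ("name", "id_no")}
        row["worker"] = digest.hexdigest()[:12]
        rows.append(row)
    return rows


def singled_out(rows, k=2):
    """Return (site, date) groups with fewer than k distinct workers.

    Rows in these groups remain identifiable to anyone who knows who was
    on site that day, even though the name has been removed.
    """
    groups = defaultdict(set)
    for row in rows:
        groups[(row["site"], row["date"])].add(row["worker"])
    return sorted(g for g, workers in groups.items() if len(workers) < k)


if __name__ == "__main__":
    pseudonymised = pseudonymise(RECORDS, key=b"constructed-demo-key")
    for site, date in singled_out(pseudonymised):
        print(f"review before disclosure: site {site} on {date}")
```

Groups flagged by the check need a further step, such as coarsening the date or withholding the row, which is a decision for whoever applies the balancing test.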

More litigation could be in the offing related to this matter. Data protection litigation is already on the rise in Europe, and now that the ECJ has re-established the need for a balancing test, we may see more individuals taking action saying that their rights have not been properly considered. We may also see individuals seeking to block data being transferred to a third party on the basis that the proper balancing test has not been conducted.

This information was first published (UK bill, EU GDPR) at Cordery and is republished here.


Jonathan Armstrong and André Bywater

Jonathan Armstrong is a partner at Cordery Compliance. He is an experienced lawyer with a concentration on technology and compliance. His practice includes advising multinational companies on matters involving risk, compliance and technology across Europe. He has handled legal matters in more than 60 countries involving emerging technology, corporate governance, ethics code implementation, reputation, internal investigations, marketing, branding and global privacy policies. Jonathan has counseled a range of clients on breach prevention, mitigation and response. He has also been particularly active in advising multinational corporations on their response to the UK Bribery Act 2010 and its inter-relationship with the U.S. Foreign Corrupt Practices Act (FCPA).
André Bywater is a partner at Cordery Compliance. He is a commercial lawyer with a focus on regulatory compliance, processes and investigations. His practice has engaged both the private and public sectors. He was Brussels-based for many years, focusing on a multitude of EU issues during which time he worked across Europe and beyond. He has assisted and advised mainly European and U.S. in-house counsel and other company personnel. Further, he has also addressed a variety of legal matters in the context of EU-funded projects building the expertise and capacity of government ministries and agencies in Central and Eastern Europe and further afield.
