data protection

Enforcement against the use of biometrics in the workplace

At a glance The ICO has issued an enforcement notice which provides valuable insights into its approach to the use of biometrics in the workplace, and the lawfulness of employee monitoring activities more broadly. On 23 February 2024, the Information Commissioner’s Office (ICO) ordered Serco Leisure Operating Limited (Serco), an operator of leisure facilities, to …

Enforcement against the use of biometrics in the workplace Read More »

Information Commissioner’s call for views on employment practices: a survey for employers

The Information Commissioner’s Office (ICO) is calling for views on data protection and employment practices to help them shape their upcoming guidance products which will see existing guidance replaced with “a new, more user-friendly online resource with topic-specific areas”. DLA Piper’s employment group will be submitting a response to the ICO’s call for views and …

Information Commissioner’s call for views on employment practices: a survey for employers Read More »

EU-US Privacy Shield is no more. What now for employers After Schrems II?

The Court of Justice of the European Union (CJEU) has given its preliminary ruling in Schrems II – Data Protection Commissioner v Facebook Ireland Limited and Maximillian Schrems (Case C-311/18) in which it strikes down the EU-US Privacy Shield as a mechanism for transferring employees’ personal data to the US, on the basis that the …

EU-US Privacy Shield is no more. What now for employers After Schrems II? Read More »

UK: Supreme Court upholds appeal in claim against Morrisons: employer not vicariously liable for employee’s data breach

Today the Supreme Court allowed an appeal in Morrisons v Various Claimants[1], a significant judgment addressing the extent of an employer’s liability for data breaches maliciously committed by an employee. The Supreme Court held that: The earlier judgments of the High Court and Court of Appeal had misunderstood the principles governing vicarious liability. In particular, …

UK: Supreme Court upholds appeal in claim against Morrisons: employer not vicariously liable for employee’s data breach Read More »

Data protection cases in the spotlight

Two recent cases involving data protection have recently been in the spotlight.  In WM Morrisons Supermarkets PLC v Various Claimants, the Court of Appeal dismissed Morrisons’ appeal against the High Court’s decision that Morrisons was vicariously liable for the deliberate disclosure by an employee of his co-workers’ personal data on the internet. Unless there is …

Data protection cases in the spotlight Read More »

Monitoring employees: Guidance on privacy in the workplace

The recent decision of the European Court of Human Rights in Barbulescu v Romania (see our Be Aware blog post of 7 September) has placed the spotlight once more on the extent to which employers are permitted to monitor their employees’ communications and activities. The adoption of new information technologies in the workplace allows for …

Monitoring employees: Guidance on privacy in the workplace Read More »

Government publishes Statement of Intent on proposals for new data protection laws

On 7 August 2017, Government publishes its Statement of Intent (SoI) on ‘A new Data Protection Bill: Our planned reforms’. The SoI states that implementation of the GDPR and repeal of the Data Protection Act (DPA) will be done in a way that so far as possible preserves the concepts of the DPA to ensure …

Government publishes Statement of Intent on proposals for new data protection laws Read More »

Practical impacts of GDPR on the employment relationship

In the next of our series of briefings on the General Data Protection Regulation (GDPR) we focus on some more of the practical impacts of GDPR on the employment relationship and what businesses can do to manage these and prepare for implementation by May 2018. Data subject access requests Under the GDPR, employees will have …

Practical impacts of GDPR on the employment relationship Read More »

Preparing for the GDPR: New employee data subject rights could disrupt core HR procedures

The General Data Protection Regulation (GDPR), due to come into force throughout the EU including the UK on 25 May 2018, will force through a culture change in terms of attitudes to data privacy, according to the Information Commissioner Elizabeth Denham. Speaking at the Data Protection Practitioners’ Conference 2017, Denham warned that organisations risking damaging …

Preparing for the GDPR: New employee data subject rights could disrupt core HR procedures Read More »

Privacy Shield adopted by European Commission and US Department of Commerce

Earlier this month, the European Commission (EC) voted to adopt the final version of the new EU/US data protection scheme, the Privacy Shield, which provides a mechanism for the valid transfer of personal data from the EU to the US.  The scheme was approved simultaneously by the US Department of Commerce (DoC).     The Privacy Shield …

Privacy Shield adopted by European Commission and US Department of Commerce Read More »

Despite Brexit, businesses need to start preparing for the General Data Protection Regulation

The Information Commissioner’s Office (ICO) has published an Overview of the European General Data Protection Regulation (GDPR) for organisations. The changes anticipated by GDPR are wide-ranging and require a cross-organisational compliance framework that will take time to assess and implement effectively. Organisations which process data within the UK should start their planning now if they …

Despite Brexit, businesses need to start preparing for the General Data Protection Regulation Read More »