Photo of Davinia Brennan

The European Data Protection Board (EDPB) has published updated Guidelines 05/2020 on Consent under the GDPR, replacing the previous Article 29 Working Party Consent Guidelines published in April 2018. The purpose of the updated guidelines is to provide clarity on: (i) data subject consent in relation to cookie walls (which are not allowed), and (ii) scrolling or swiping through a webpage or similar actions (which does not constitute valid consent). ​The paragraphs (38-41 and 86) concerning these two issues have been revised and updated, while the rest of the document has been left unchanged, except for editorial changes.

Continue Reading EDPB issue updated Guidelines on Consent

Photo of Davinia Brennan

Covid-19 is presenting unique and unprecedented challenges for employers who have to grapple with often complex HR and data protection related issues in a rapidly escalating crisis. Employers are anxious to ensure continuity of their business, the health and safety of their employees and compliance with data protection obligations where these arise.

Our Employment and

Photo of Davinia Brennan

The Minister of Finance has passed new Regulations, the Data Protection Act 2018 (section 60(6)) (Central Bank of Ireland) Regulations 2019, permitting data subjects’ rights under Articles 12-22 and Article 34, and controllers’ obligations under Article 5 GDPR, to be restricted to the extent necessary and proportionate to allow the Central Bank of Ireland (CBI) to carry out certain functions.

Continue Reading New Regulations permitting Central Bank to restrict individuals’ data protection rights

Photo of Daniel Jackson

On 17 April 2018, the European Commission proposed new rules in the form of a Regulation and an accompanying Directive, which aim to improve law enforcement authorities’ cross-border access to e-evidence.

The proposed Regulation on European Production and Preservation Orders enables a judicial authority in a Member State to obtain electronic evidence in criminal matters directly from a service provider in another Member State. The Directive complements the Regulation, as it sets out the rules for the appointment of service providers’ legal representatives, whose role is to receive and respond to judicial orders. The new rules will ensure swift access to e-evidence, with service providers being required to respond to judicial orders within 10 days and in emergency cases within 6 hours, compared to 10 months under the current Mutual Legal Assistance process.


Continue Reading European Council reaches position on proposed e-evidence Directive

Photo of Davinia Brennan

The Data Protection Commission (DPC) has published its Annual Report for 25 May-31 December 2018. As always, the Report reveals some interesting statistics and case studies. In the coming months, the DPC expects to conclude a number of statutory inquiries, which it launched in 2018, into multinational technology companies with EU headquarters situated in Ireland. The DPC anticipates that the conclusion of those inquiries will provide precedents for better implementation of the principles of the GDPR across key aspects of internet and ad tech services. This briefing note sets out some of the highlights of the Report.
Continue Reading DPC publishes Annual Report for May-December 2018

Photo of Davinia Brennan

The European Commission has published an infographic on compliance with and enforcement of the GDPR since from May 2018 to January 2019. The infographic reveals some interesting statistics, including:

  • 95,180 complaints have been made to EU national data protection authorities (DPAs) by individuals who believe their rights under the GDPR have been violated. The majority of these complaints concerned telemarketing, promotional emails, and video surveillance/CCTV.


Continue Reading European Commission publishes statistics on GDPR enforcement activities

Photo of Davinia Brennan

The UK Court of Appeal has dismissed an appeal against the High Court’s decision that Morrisons is vicariously liable to 5,000 employees for misuse of their personal data by a rogue employee.

The decision is causing shockwaves amongst businesses, as it shows that a company may be held vicariously liable for a data breach caused

Photo of Daniel Harrington

Speaking at A&L Goodbody’s breakfast seminar, ‘GDPR The Last Lap‘, Anna Morgan, Deputy Data Protection Commissioner, has warned that companies who ‘over-report’ and adopt an overly conservative approach to the GDPR’s breach notification requirements may risk enforcement action from the Data Protection Commission (DPC).

Continue Reading Over-Reporting Data Breaches to Data Protection Commission may result in enforcement action, warns Deputy Data Protection Commissioner

Photo of Vladimir Rakhmanin

The European Commission (EC) has issued a notice reminding stakeholders that due to the UK’s intention to leave the EU, they will be considered a ‘third country’ for the purposes of data transfers from 10 March 2019 (available here).

Continue Reading European Commission reminds stakeholders that UK is a third country for data transfers from 10 March 2019