Photo of Davinia Brennan

Covid-19 is presenting unique and unprecedented challenges for employers who have to grapple with often complex HR and data protection related issues in a rapidly escalating crisis. Employers are anxious to ensure continuity of their business, the health and safety of their employees and compliance with data protection obligations where these arise.

Our Employment and

On 12 November 2019, the EDPB published its finalised Guidelines on Territorial Scope of the GDPR (3/2018). The Guidelines aim to assist companies and supervisory authorities in determining whether a particular processing activity falls within the territorial scope of the GDPR.

Continue Reading EDPB publishes finalised Guidelines on Territorial Scope of the GDPR

The Minister of Finance has passed new Regulations, the Data Protection Act 2018 (section 60(6)) (Central Bank of Ireland) Regulations 2019, permitting data subjects’ rights under Articles 12-22 and Article 34, and controllers’ obligations under Article 5 GDPR, to be restricted to the extent necessary and proportionate to allow the Central Bank of Ireland (CBI) to carry out certain functions.

Continue Reading New Regulations permitting Central Bank to restrict individuals’ data protection rights

For the first time, the Irish High Court has been asked to make a blocking order in regard to the illegal live streaming of Premier League games. Instead of watching Premier League games through legitimate and licensed services, some people were seeking to do so free of charge. The Court granted the blocking order, requiring five Irish ISPs (including  Eir,  Sky Ireland Ltd, Sky Subscribers Services Ltd, Virgin Media Ireland Ltd  and Vodafone Ireland Ltd ) to block illegal live streaming of Premier League games.

Continue Reading High Court blocks illegal live streaming of Premier League Games

The Oireachtas Committee on Justice and Equality is seeking  written submissions from stakeholders on the issues of online harassment, harmful communications and related offences. The invitation follows an announcement last May 2019, that the Government intends to draft, on a priority basis, amendments to the Harassment, Harmful Communications and Related Offences Bill 2017 .  That Bill is based on a 2016 Report by the Law Reform Commission, which recommended reform and consolidation of criminal law offences concerning harmful communications, and the establishment of Digital Safety Commissioner to oversee national digital safety standards and take-down procedures for harmful digital communications.

Continue Reading Government seeks submissions on online harassment

In the Fashion ID case (C-40/17) , the Court of Justice of the European Union (CJEU) found that the operator of a website that features a plug-in (such as a Facebook ‘Like’ button), can be considered a joint controller with the plug-in provider, in respect of the collection and transmission to that plug-in provider of the personal data of visitors to its website. However the website operator will not be a joint controller or liable for any subsequent processing of the personal data by the plug-in provider.

The CJEU also held that the website operator  is responsible for obtaining consent from website visitors for the collection and transmission of their personal data and providing notice to visitors about the use and disclosure of their personal data.

Although the case was decided under the the Data Protection Directive 95/46/EC (the Directive), it will continue to be relevant under the GDPR, since the relevant definitions and obligations continue to apply under the new regime. The decision will have an impact not only on website operators that embed social plug-ins, but to any website operator that uses cookies to collect and transmit personal data of their visitors to third parties, such as AdTech providers.


Continue Reading A website operator embedding a Facebook ‘Like’ button is a joint controller with Facebook

In Amazon EU Case C-649/17, the Court of Justice of the European Union (CJEU) held that the Consumer Rights (CR) Directive 2011/83/EU does not require an e-commerce platform to make a telephone number available to consumers before the conclusion of a contract. It is sufficient for traders, when concluding distance contracts with consumers, to use other means of communications, such as online chat services or telephone call-back, as long as consumers have a means of contacting traders quickly and efficiently.

Continue Reading E-Commerce platforms not obliged to make telephone number available to consumers