In a landmark case, the UK Supreme Court has ruled that supermarket chain Morrisons is not vicariously liable for a deliberate data breach committed by a former rogue employee. The decision shows that an employer is unlikely to be liable for a malicious data breach committed by an employee, where his/her wrongful conduct is not closely connected with his/her tasks at work.
Continue Reading UK Supreme Court finds employer not vicariously liable for data breach
Covid-19 is presenting unique and unprecedented challenges for employers who have to grapple with often complex HR and data protection related issues in a rapidly escalating crisis. Employers are anxious to ensure continuity of their business, the health and safety of their employees and compliance with data protection obligations where these arise.
Our Employment and Data Protection teams have been advising employers on these issues for a number of weeks and have collated responses to a number of frequently asked questions to assist employers at this time.
The UK government has published its initial consultation response on the Online Harms White Paper (see our previous post here). The new regulatory framework proposes introducing a ‘duty of care’ on online services in respect of harmful content. The government’s initial response reports on the findings from the public consultation, and provides an indication of how the legislation will be taken forward. Continue Reading Online Harms White Paper – UK government publishes its initial consultation response
On 12 November 2019, the EDPB published its finalised Guidelines on Territorial Scope of the GDPR (3/2018). The Guidelines aim to assist companies and supervisory authorities in determining whether a particular processing activity falls within the territorial scope of the GDPR.
Continue Reading EDPB publishes finalised Guidelines on Territorial Scope of the GDPR
The provisions of the Copyright and Other Intellectual Property Law Provisions Act 2019 (the Act), which was signed into law on 26 June 2019, were commenced on 2 December 2019.
The only provisions which are not yet in effect are sections 2(1), 9 and 21, which will automatically come into operation on 26 December (i.e. 6 months from the passing of the Act on 26 June 2019).
The Minister of Finance has passed new Regulations, the Data Protection Act 2018 (section 60(6)) (Central Bank of Ireland) Regulations 2019, permitting data subjects’ rights under Articles 12-22 and Article 34, and controllers’ obligations under Article 5 GDPR, to be restricted to the extent necessary and proportionate to allow the Central Bank of Ireland (CBI) to carry out certain functions.
The Data Protection Commission (DPC) has published guidance which seeks to answer some of the most frequently asked questions in relation to Data Subject Access Requests (DSARs). Some of the key issues addressed in the guidance are set out below:
Continue Reading Data Protection Commission publishes guidance on DSARs
The Government Chief Whip, Seán Kyne TD, has published the Government’s Legislation Programme for Autumn 2019. The Programme lists 32 priority Bills; 27 Bills currently before the Houses of the Oireachtas, and 69 Bills where preparatory work is underway.
Continue Reading Government publishes Legislation Programme for Autumn 2019
For the first time, the Irish High Court has been asked to make a blocking order in regard to the illegal live streaming of Premier League games. Instead of watching Premier League games through legitimate and licensed services, some people were seeking to do so free of charge. The Court granted the blocking order, requiring five Irish ISPs (including Eir, Sky Ireland Ltd, Sky Subscribers Services Ltd, Virgin Media Ireland Ltd and Vodafone Ireland Ltd ) to block illegal live streaming of Premier League games.
Continue Reading High Court blocks illegal live streaming of Premier League Games
The Minister for Social Protection, Regina Doherty, and the Minister for Finance, Paschal Donohoe, have informed the government that provision and use of the Public Services Card (PSC), not just by the Department of Employment Affairs and Social Protection (DEASP), but by other public bodies shall continue. The DEASP has written to the Data Protection Commission (DPC) advising it of this decision. In doing so, the Government accepts that it may be necessary for the matter to be referred to the courts for a definitive decision. The DEASP intend to publish the DPC’s investigation report following further engagement with the DPC.