In Doolin v DPC , the High Court held that an employer’s use of CCTV footage in an employee’s disciplinary proceedings constituted unlawful further processing. It concluded that the Data Protection Commission (DPC) had made an “error of law” in their finding that no further processing of the CCTV footage had occurred. The Court found that the CCTV footage was lawfully collected for security purposes. However, the CCTV footage was then unlawfully further processed for the purpose of the disciplinary proceedings, which was incompatible with the original purpose for which the CCTV footage was processed. The decision shows the importance of only using personal data, particularly CCTV footage, for the purpose for which it was collected.
In a landmark case, the UK Supreme Court has ruled that supermarket chain Morrisons is not vicariously liable for a deliberate data breach committed by a former rogue employee. The decision shows that an employer is unlikely to be liable for a malicious data breach committed by an employee, where his/her wrongful conduct is not closely connected with his/her tasks at work.
Covid-19 is presenting unique and unprecedented challenges for employers who have to grapple with often complex HR and data protection related issues in a rapidly escalating crisis. Employers are anxious to ensure continuity of their business, the health and safety of their employees and compliance with data protection obligations where these arise.
Our Employment and Data Protection teams have been advising employers on these issues for a number of weeks and have collated responses to a number of frequently asked questions to assist employers at this time.
The UK government has published its initial consultation response on the Online Harms White Paper (see our previous post here). The new regulatory framework proposes introducing a ‘duty of care’ on online services in respect of harmful content. The government’s initial response reports on the findings from the public consultation, and provides an indication of how the legislation will be taken forward. Continue Reading Online Harms White Paper – UK government publishes its initial consultation response
On 12 November 2019, the EDPB published its finalised Guidelines on Territorial Scope of the GDPR (3/2018). The Guidelines aim to assist companies and supervisory authorities in determining whether a particular processing activity falls within the territorial scope of the GDPR.
The provisions of the Copyright and Other Intellectual Property Law Provisions Act 2019 (the Act), which was signed into law on 26 June 2019, were commenced on 2 December 2019.
The only provisions which are not yet in effect are sections 2(1), 9 and 21, which will automatically come into operation on 26 December (i.e. 6 months from the passing of the Act on 26 June 2019).
The Minister of Finance has passed new Regulations, the Data Protection Act 2018 (section 60(6)) (Central Bank of Ireland) Regulations 2019, permitting data subjects’ rights under Articles 12-22 and Article 34, and controllers’ obligations under Article 5 GDPR, to be restricted to the extent necessary and proportionate to allow the Central Bank of Ireland (CBI) to carry out certain functions.
The Data Protection Commission (DPC) has published guidance which seeks to answer some of the most frequently asked questions in relation to Data Subject Access Requests (DSARs). Some of the key issues addressed in the guidance are set out below:
The Government Chief Whip, Seán Kyne TD, has published the Government’s Legislation Programme for Autumn 2019. The Programme lists 32 priority Bills; 27 Bills currently before the Houses of the Oireachtas, and 69 Bills where preparatory work is underway.
For the first time, the Irish High Court has been asked to make a blocking order in regard to the illegal live streaming of Premier League games. Instead of watching Premier League games through legitimate and licensed services, some people were seeking to do so free of charge. The Court granted the blocking order, requiring five Irish ISPs (including Eir, Sky Ireland Ltd, Sky Subscribers Services Ltd, Virgin Media Ireland Ltd and Vodafone Ireland Ltd ) to block illegal live streaming of Premier League games.