decoded.legal: Internet, telecoms and tech law decoded.

On 21 March 2022, the UK's International Data Transfer Agreement came into force, along with an Addendum. I've written about the International Data Transfer Agreement before and, bluntly, I wasn't Read more

An increasing number of third parties are offering services - typically, by way of a web site or an app - to facilitate data subjects in exercising their rights under the GDPR. Controllers on the Read more

If you've been involved in transfers of personal data to third countries under the GDPR, you'll probably be familiar with the long-standing standard contract clauses. And you may be familiar with the Read more

If you run an event, there is - sadly - a strong chance that you've had to deal with inappropriate behaviour. More and more events have adopted a code of conduct, to set out standards of acceptable Read more

The Register, and probably other places, are reporting about a Munich court's decision that the use of Google Fonts, hosted on a server operated by Google, led to an infringement of German data Read more

The European Data Protection Board has published draft guidelines on the right of access, for consultation. These are draft guidelines, and so they may change before they are made official. To save Read more

Have you put up, or are thinking of putting up, audio and video recording equipment around and outside your home? Then this post is for you. It's about a decision of the Oxford County Court, for Read more

This blog post is a short(ish) guide to the core issues in handling subject access requests under the UK GDPR. If you have received a request and you are not sure where to start, this will help you Read more