The UK's International Data Transfer Agreement: what it is and what it means for you

- Posted in data protection by
On 21 March 2022, the UK's International Data Transfer Agreement came into force, along with an Addendum. I've written about the International Data Transfer Agreement before and, bluntly, I wasn't Read more

Third party requests to exercise data subject rights: quick notes for controllers

- Posted in data protection by
An increasing number of third parties are offering services - typically, by way of a web site or an app - to facilitate data subjects in exercising their rights under the GDPR. Controllers on the Read more

The UK's International Data Transfer Agreement: is this the ICO's worst document yet?

- Posted in data protection by
If you've been involved in transfers of personal data to third countries under the GDPR, you'll probably be familiar with the long-standing standard contract clauses. And you may be familiar with the Read more

Events, exclusion lists, and the UK GDPR

- Posted in data protection by
If you run an event, there is - sadly - a strong chance that you've had to deal with inappropriate behaviour. More and more events have adopted a code of conduct, to set out standards of acceptable Read more

decoded.legal and the seven OSI layers for Internet, telecoms, and tech legal advice

- Posted in Uncategorized by
Blake E Reid, an excellent US tech/telecoms law professor, tweeted: This is a good argument for Internet law folks to take telecom law, where the environmental impacts of Internet infrastructure Read more

How to handle data subject access requests under the UK GDPR

- Posted in data protection by
This blog post is a short(ish) guide to the core issues in handling subject access requests under the UK GDPR. If you have received a request and you are not sure where to start, this will help you Read more

Five things to take from the European Parliament's response to the Commission on the GDPR

- Posted in privacy by
The European Parliament has published its report on the European Commission's report on the implementation of the GDPR, which the Commission published two years after its application. Yes, it's a Read more

The territorial scope of the GDPR, as applied by the High Court

- Posted in data protection by
1 This week saw what is, I believe, the first English judgment dealing with the territorial scope of the GDPR. This blogpost is a reminder of the rules on "territorial scope", and weaves in the High Read more

The UK/EU Trade and Cooperation Agreement and data protection: what you should do now

- Posted in data protection by
I know it's Christmas. And I know I'm supposed to be on holiday. But I also know that some of you have been planning for, or even just worrying about, what you need to do to prepare for the end of Read more