The ICO and breach reporting under Reg 5A PECR: take two

- Posted in privacy by
A couple of weeks ago, the ICO published a statement saying that it had "decided to stop enforcing personal data breach reports made under Regulation 5A." Even if the intent behind it was meant well, Read more

Notes on operating fediverse services (Mastodon, Pleroma etc) from an English law point of view

- Posted in hosting by
In this monologue post, I set out an introductory analysis / overview of the English laws which are likely to apply to people in England who operate decentralised fediverse services which implement Read more

The UK's International Data Transfer Agreement: what it is and what it means for you

- Posted in data protection by
On 21 March 2022, the UK's International Data Transfer Agreement came into force, along with an Addendum. I've written about the International Data Transfer Agreement before and, bluntly, I wasn't Read more

Third party requests to exercise data subject rights: quick notes for controllers

- Posted in data protection by
An increasing number of third parties are offering services - typically, by way of a web site or an app - to facilitate data subjects in exercising their rights under the GDPR. Controllers on the Read more

The UK's International Data Transfer Agreement: is this the ICO's worst document yet?

- Posted in data protection by
If you've been involved in transfers of personal data to third countries under the GDPR, you'll probably be familiar with the long-standing standard contract clauses. And you may be familiar with the Read more

Events, exclusion lists, and the UK GDPR

- Posted in data protection by
If you run an event, there is - sadly - a strong chance that you've had to deal with inappropriate behaviour. More and more events have adopted a code of conduct, to set out standards of acceptable Read more

decoded.legal and the seven OSI layers for Internet, telecoms, and tech legal advice

- Posted in Uncategorized by
Blake E Reid, an excellent US tech/telecoms law professor, tweeted: This is a good argument for Internet law folks to take telecom law, where the environmental impacts of Internet infrastructure Read more

How to handle data subject access requests under the UK GDPR

- Posted in data protection by
This blog post is a short(ish) guide to the core issues in handling subject access requests under the UK GDPR. If you have received a request and you are not sure where to start, this will help you Read more

Five things to take from the European Parliament's response to the Commission on the GDPR

- Posted in privacy by
The European Parliament has published its report on the European Commission's report on the implementation of the GDPR, which the Commission published two years after its application. Yes, it's a Read more

The territorial scope of the GDPR, as applied by the High Court

- Posted in data protection by
1 This week saw what is, I believe, the first English judgment dealing with the territorial scope of the GDPR. This blogpost is a reminder of the rules on "territorial scope", and weaves in the High Read more