UK & EU Data Protection Bulletin: July 2020
Written By
Of Counsel
France
I am a partner and co-head of our firm's International Data Protection Group. Thanks to many years of experience dedicated to data protection, I can provide innovative and practical solutions to clients around the world.
Partner
UK
I am based in London and co-head Bird & Bird's International Privacy and Data Protection Group. I enjoy providing practical advice and solutions to complex legal issues.
Legal Director
UK
I'm a legal director in our London Privacy and Data Protection Practice working with clients in many of our key sectors.
Related
Practices
Sectors
Trending Topics
Regions
Welcome to our July Data Protection Newsletter.
It has been a relatively quiet month for data protection developments so content this month is very light but we are expecting more developments imminently (e.g. on the Schrems data transfer decision) which will no doubt dominate the data protection headlines. Watch out for our updates on this in the coming weeks.
Use the links below to navigate through our newsletter:
ICO
Other UK news
UK Cases
EDPB
Other EU news
ICO
Explaining Decisions made with AI
In January, the ICO issued draft guidelines on how to explain decisions made using artificial intelligence to individuals, and opened the guidelines for consultation. Having collected stakeholder views, the ICO has now published the final version of the guidelines, which are available here.
Other UK news
Consultation on Caldicott Principles
The National Data Guardian - an official advisory body to the English NHS and UK Department of Health and Social Care - has announced a summer 2020 consultation on reforms to the seminal "Caldicott Principles". These Principles are important guidelines on the use of confidential patient data in the NHS, under "common law" rules and public sector policy that intersect with the GDPR.
UK cases
ZXC v BLOOMBERG LP [2020] 5 WLUK 195
The Court of Appeal upheld the decision by Nicklin J in the first instance judgment of 17 April 2019 ([2019] EWHC 970 (QB)) on the fundamental right to privacy in the context of criminal investigations.
EDPB
EDPB Plenary session
During the 28th EDPB Plenary Session, the European Data Protection Board (EDPB) adopted its opinion on the draft Standard Contractual Clauses (SCCs) for controller-processor contracts submitted to it by the Slovenian Supervisory Authority (SA).
Other EU news
Croatian Presidency introduces 'legitimate interests' into amended proposal]
The Croatian Presidency of the EU has issued an amended proposal for an e-Privacy Regulation, to be discussed during the meeting of the Working Party on Telecommunications and Information Society on March 5 and 12. Negotiations have been ongoing for a number of years and the previous Finnish Presidency had tried unsuccessfully to reach a political agreement last November.
Other EU news
EDPS and Microsoft Investigation
EDPS' investigation into Inter-Institutional Licensing Agreement (‘ILA’) signed between EU institutions and Microsoft is now finalised and recommendations were published on EDPS' newsletter in early May. The recommendations are not detailed; however they set-out clear-cut rules on the parties' controllership status.
The EDPS has published its opinion on the European Commission’s “European Strategy for Data”
On 16 June 2020, the EDPS published its response to the European Strategy for Data which was issued by the European Commission earlier this year (the “Data Strategy”). The Data Strategy is part of the Commission’s aim to create a single cross-sectoral space for data within the EU.
