-
Archives
- April 2025
- March 2025
- February 2025
- January 2025
- December 2024
- November 2024
- October 2024
- September 2024
- August 2024
- July 2024
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- October 2019
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- December 2018
- November 2018
- October 2018
- September 2018
- August 2018
- July 2018
- May 2018
- April 2018
- March 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- May 2017
- January 2017
- December 2014
- September 2014
- June 2014
-
Meta
Monthly Archives: September 2020
New EDPB guidelines: copying and pasting GDPR provisions into your commercial agreements isn’t enough
The European Data Protection Board (EDPB) has published a set of draft guidelines clarifying the key GDPR concepts of controllers and processors by providing specific examples and helpful flowcharts to help apply these concepts in practice. Buried within these guidelines is the paragraph quoted below, which has significant implications for day-to-day commercial contracts.Under Article 28 of the GDPR, where one party (Party B) is appointed by another (Party A) to provide certain services that requires Party B to process personal data on behalf of Party A (which is the data controller), certain clauses are mandatory in the commercial contract between those parties (or in a separate data processing agreement).Where Party A’s processing activities are minimal and are considered low-risk, it is common for the relevant agreement simply to repeat the provisions of Article 28 without further elaboration.However, the EDPB states in the guidelines that simply restating the provisions of Article 28 without any additional detail is not sufficient. In particular, the EDPB states that the contract or separate data processing agreement required by Article 28 also needs to include information regarding the security measures to be adopted by the processor (Party B in the example above), as well as providing for a regular review of these measures.The level of detail required is ‘such as to enable the controller to assess the appropriateness of the measures pursuant to Article 32(1) of the GDPR’. This requires both the controller (Party A) and the processor (Party B) to take into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of the processing, as well as the risk of varying likelihood and severity for the rights and freedoms of those individuals whose data is processed.The draft guidelines remain open to public consultation until 19 October 2020. Any interested parties are encouraged to contribute to the consultation by providing comments on the guidelines via the link below.
Posted in Shorter Reads
Comments Off on New EDPB guidelines: copying and pasting GDPR provisions into your commercial agreements isn’t enough
The Tesco shareholder action settles
A consent order filed with the Court on 2 September confirms that the Tesco group shareholder action, which had been due to go to trial in October 2020, has now settled. No details on settlement terms appear to be publicly available at this time.It had been hoped that the Tesco action would bring some welcome clarity to the law on Section 90A FSMA 2000, under which no claim has yet been to trial. Attention may now turn to the group shareholder action that is proceeding against Serco in relation to its false accounting scandal regarding electronic tagging in 2010 to 2013. The parties have exchanged pleadings in the last few months, but it will be a while yet before it reaches trial (assuming that it does not settle before this).In the meantime, investors thinking of making claims under Section 90A FSMA 2000 should be aware that there are a number of current uncertainties in the law on Section 90A FSMA 2000, for example on the extent of the disclosure and witness evidence that they would be required to produce in support of their claim on the key issues of reliance and causation.
Posted in Shorter Reads
Comments Off on The Tesco shareholder action settles
Government response on cladding welcomed by flat owners but speedy implementation is now needed
Government response on cladding welcomed by flat owners but speedy implementation is now needed. All residential blocks over 18 metres are required to have a fire safety assessment on cladding. A lack of suitably qualified professionals to carry out these …
Interim injunction against Bitcoin discharged and damages considered an adequate remedy
In a recent High Court decision, Toma v Murray, Robin Vos sitting as Deputy High Court Judge, declined to a continue a without-notice interim injunction which restrained the Defendant from dealing with Bitcoin held in a coin deposit account. Vos held that damages would be an adequate remedy in this instance.The Claimants sold Bitcoin through an account on the Finnish platform LocalBitcoins.com. However, the payment they received was reversed, leaving the Claimants without the Bitcoin or their payment. The Defendant controlled the LocalBitcoins.com accounts used to make and withdraw the payments, and which continued to hold the Bitcoin. The Defendant did not go as far as to admit that there was a fraud, though he allowed the Court to proceed on the basis that a fraud had taken place, and asserted that the account had been hacked.The Claimants initially obtained a without notice interim injunction. LocalBitcoins also froze the account, though they said that in absence of a court order they would release the Bitcoins to the Defendant.On reviewing the injunction and deciding whether it should be upheld, Vos decided that although the Claimants’ made a proprietary tracing claim, they were ultimately seeking the value of the Bitcoin held in the deposit account and therefore the claim could be satisfied in monetary terms.He held that the injunction should not be upheld and the case is set to continue to determine whether or not there was any fraud on the part of the Defendant, a matter which could not be dealt with at an interim hearing. This is an interesting decision as it considers Bitcoin in relation to its value in monetary terms over its proprietary value. The Court distinguished it from AA v Persons Unknown [2019], the precedent for Bitcoin interim claims, as the Defendant was identified and had shown he held a significant unencumbered asset and there was no reason to believe he would not be able to meet any award against him. This was balanced against the fact that the Claimants admitted that they would have difficult in satisfying across undertaking of damages. On balance the Court considered that this decision left the Claimants with a remedy and did not place an disproportionate risk of loss on the Defendant.Some consideration was given to the volatility of the price of Bitcoin and the impact this may have on both parties. Though the Court focused on the fact that a price and value was given to the Bitcoin at the time of sale and the claim therefore was considered to be for the price paid. A condition was included in the Order to allow the Defendant to sell the Bitcoin only with the consent of the Claimant as a means of neutralising this risk. It shows once again that the court’s are having to approach digital asset cases innovatively. It will be interesting to see if any concession is given to the change in value of Bitcoin in the time before final judgment.Toma and another v Murray [2020] EWHC 2295 (Ch) (29 July 2020) (Robin Vos, sitting as Deputy High Court Judge).
Posted in Shorter Reads
Comments Off on Interim injunction against Bitcoin discharged and damages considered an adequate remedy
