Intellectual Property, Information Technology & Cybersecurity


Author: Ben Evans

The Court of Justice of the European Union ("CJEU") handed down its first copyright judgment of 2018 this week.
The outcome of the case, Renckhoff, C161/17 wasn't a surprise to many although it went against the somewhat controversial opinion of Advocate General Campos Sanchez-Bardona (the CJEU almost always follow the AG's opinion, but not on this occasion).

Read more: CJEU: unauthorised re-posting of an image can be infringement


Authors: Tim Clark and Andrew Barling

In our earlier article ‘Data Breach Response Planning: Getting Down to Business’ we referred to the introduction of a mandatory new Notifiable Data Breaches (NDB) scheme in Australia and outlined some steps organisations could take to prepare. The changes were introduced by the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth). The new law requires entities covered by the Privacy Act 1988 (Cth) to notify both the Office of the Australian Information Commissioner (OAIC) and affected individuals of any data breach in respect of personal information they hold where the breach is likely to result in serious harm.

Read more: Update on Australia’s Notifiable Data Breaches scheme


Author: Simon Stokes

As a no-deal Brexit becomes a distinct possibility the UK government is to start producing guidance to deal with this eventuality. However when it comes to data protection and the cross border flow of personal data – critical to the UK economy – the UK's options in absence of a deal with the EU which expressly addresses data protection are very limited. And this is a crucial issue for our digitally driven economy – cross border data flows in and out of the UK increased 28 fold between 2005 and 2015 and are expected to grow another five times by 2021. Three-quarters of these flows are estimated to be with EU countries.

Read more: Time to prepare for data limbo? A no-deal Brexit and its impact on cross-border data flows


Authors: Katherine Hayes, Partner & Greg Stirling, Senior Associate

Just over six months after the mandatory data breach notification legislation was introduced, the Office of the Information Commissioner has published its first full quarterly report on the notified data breaches, and it makes interesting reading.

The most breaches were reported by health service providers with 49 breaches, followed by finance entities (36) then legal, accounting and management entities (20) and education organisations (19). Business and professional associations reported 15 breaches.

Read the entire article.


Authors: Susan Kohn Ross and Aaron Wais

In a compromise to avoid a ballot measure, at the very last moment on the very last day, just before the stroke of midnight, on June 29, 2018, the California legislature passed and Governor Brown signed into law the California Consumer Privacy Act of 2018 (the “Act”), which takes effect on January 1, 2020. Many of its provisions are similar to the General Data Protection Regulations (“GDPR”), which took effect in Europe at the end of May, and required companies to institute new internal data privacy regimes. So, while those companies which prepared for the GDPR are well on their way to gaining compliance with this new law, there is still much to be done by them and especially those companies which were not impacted by the GDPR.

Read more: California Consumer Privacy Act of 2018 - GDPR Lite?