Do victims of a cyberbreach need to prove harm?

Do victims of a cyberbreach need to prove harm?

I have just posted to my linked in blog, on the reference from the Austrian courts as to whether victims of a data breach need to prove harm for compensation.

The Advocate General is not so sure, although on my CIPP(E) course the instructor was clear; a breach of rights is a harm.

I look at the GDPR, the DPA 2018, which confirms that in the UK, ‘“non-material damage” includes distress.’.

I conclude by noting that, “My experience in tracking the citizen’s panels of the Conference on the Future of Europe (CoFoE) is that Europe’s citizen’s, the children and grand children of facist and stalinist societies are looking for greater enforcement, not less.” Politicians in the EU are under pressure to go in the other direction.  …

Dignity and respect at work

I was writing a motion for GMB Congress on Bullying and came across this, from one of the ACAS codes, as part of the definition,

Everyone should be treated with dignity and respect at work

I thought that maybe there’s a human rights dimension so went to check out the European Convention on Human Rights since we are losing the EU’s Charter of Fundamental Rights which does include it. Nope! ECHR doesn’t! Well done! …

Another Red Line

I wrote this as an after thought to my article on Corbyn’s letter to May on Labour’s new Red Lines because it fascinates me; the European Arrest warrant is only available to full members of the EU, and in order to join or use it, it is necessary to comply with the CJEU and the Charter of Fundamental Rights to have access to it. Frankly the Good Friday Agreement needs that too. This would seem to be a trojan horse to put the Court and Charter of Rights back on the table. I wonder if they realise? … …

The Data Flow implications of Brexit

The Data Flow implications of Brexit

Project Fear or Project Reality about Brexit continues and while risks to banking, air travel, radio-therapy and the pan-European integrated manufacturing supply chains are all making the headlines, there is also a serious problem with maintaining data flows particularly of personal data, which underpins both secondary & tertiary sector industries.  This article looks at the threat to trade involving data flows posed by Brexit and looks at the likely shape of US/EU data flow and privacy regulation. …

Parliamentary Sovereignty’s best sell by date

Parliamentary Sovereignty’s best sell by date

I went to the Labour Campaign for Human Rights meeting in the Commons yesterday, the keynote speaker was Kier Starmer, the Labour Brexit spokesman. He opened his speech stating he had voetd “Remain” based on jobs and rights and woke up on 27th June asking what world we live in. He argued that now we needed to accept democracy and that UK’s politics is about the new relationship with the EU. He argues we need to re-root our rights in UK law! (What like the Human Rights Act?) Labour is proposing a new Law to transcribe the EU’s rights and protections into UK law, but under the Tories this will be weak since the Tories are not planning to bring the “Fundamental Charter of Rights” across into UK law. …

Oi!, You! No snooping on my emails and chat!

Oi!, You! No snooping on my emails and chat!

Earlier this week, the Court of Justice of the European Union delivered its judgement on the legality of the UK & Swedish data retention and surveillance laws. They confirmed their ruling from 2015 that general monitoring is illegal, that retention must be specific and is only allowed to combat serious crimes, that access to surveillance records must be authorised by independent authorities and that EU data subjects must be have access to legal remediation if their rights to privacy are breached. The Guardian report on it here, the Independent here ,the Register here and even  the Daily Mash comments here. The UK’s Investigatory Powers Act also gives the government the right to mandate backdoors in UK operated communications products; these powers may also fall foul of the prohibition on general monitoring and the need for independent review. While the ruling is specific to the UK’s DRIPA law, which has now been replaced by the Investigatory Powers Act, it poses a clear challenge to the legality of the new Law. …

Here come de Judge

Here come de Judge

The highest levels of international judiciary have been busy over the last week, I report and comment on the Microsoft vs. FBI on linkedin Pulse, in an article called “Citizens Win”. It was quite simple in the end, the law under which the FBI was seeking search warrant powers was not on of the post 911 laws, but an earlier one and the US District Court says that the law grants no power of inspection abroad. The spooks are going to have to apply for an Irish warrant. In Europe however, Tom Watson’s & David Davies’s judicial review on DRIPA have reached the Advocate General. This reported by Tom Watson here, and by Glyn Moody here. Watson writes about the need for strong judicial review of the search warrants, and Moody brings up that mass surveillance can only be used in the fight against serious crime.  …

Safe Harbour

Last month the Court of Justice of the European Union ruled the US Safe Harbour treaty to be insufficient for European data protection law purposes. How important this is, is subject to debate. One of the principles of European Data Protection law is that personal and confidential data must be “adequately protected”. The CJEU has stated that the US Safe Harbour agreement offers insufficient and uncertain protection to European personal data. …