Believe it or not, we have been enjoying a period of relative stability during 2020 – at least when it comes to Brexit. That is because we are still in the transition period, set to expire at midnight on 31 December, 2020.

Max Schrems has spoiled US plans for dealing with data from European countries for a second time. On 15^th July, the CJEU issued a judgment which invalidated the U.S. Privacy Shield. This had previously enabled data transfers between the U.S. and the EU without the need for any alternative transfer mechanisms. 

On the 16^th of  July, the Court of Justice of the European Union (“CJEU”) will release its opinion in the ‘Schrems II’ case, which could have a significant impact on the use of standard contractual clauses and third party transfers of personal data.

California’s data protection law went into effect on 1 January, 2020. It is far and away the most robust piece of legislation dealing with consumer privacy in the United States. While the California Consumer Privacy Act (CCPA) applies primarily to California businesses, it will likely have some knock-on effects for anyone who does business within the United States, especially when dealing with personal data.

With more and more of our day to day life happening in an online environment, many decisions are inevitably made by computers, with no human involvement – a process called automated decision-making.  Organisations use technology, including algorithms and machine-learning, to collect and analyse a range of personal data about an individual – from their buying habits to lifestyle data, from social network data to mobile phone data. Automated individual decision-making is frequently used for the purposes of profiling. Profiling is defined by the GDPR as:“Any form of automated processing of personal data consisting of the use of personal data to evaluate certain...