Data protection and privacy
Our experienced data protection lawyers understand that using data effectively is often business critical and can add real benefit to your operations and ultimately your success as a business. Data assists you in making informed business decisions and the determination of strategic direction as well as product and service development and the enhancement of interactions with your stakeholders.
The data protection regulation landscape is complex and increasingly shaped by international legislation and protocols, combined with increasing public concern and scrutiny regarding the security of personal information and the ways in which it’s used. The costs and risks of mismanaging data are high; with high fines, compensation payments, reputational issues and even criminal penalties should things go wrong.
Our data protection lawyers also have extensive experience advising on privacy issues associated with behavioural advertising and location information, browser-generated information and device recognition technologies. We act for global data companies in respect of privacy implications of their day-to-day operations and development of new technology.
What we do
- Draft and review of contracts – we support our clients in drafting and reviewing contracts, licensing agreements, service agreements, privacy notices, and other policies and procedures to help ensure compliance with data protection rules.
- Developments in privacy laws and guidance - we regularly advise clients on the implications of developments in privacy laws and guidance.
- Supporting data breach management - we have extensive experience of providing legal support to clients at all stages, including: preparation and prevention, training, crisis management and resolution and recovery. We have strong connections with third parties who can provide specialist non-legal support, for example, threat intelligence, IT security specialists, public relations and credit monitoring. We can manage the process to ensure a coordinated approach protected by legal privilege.
- Supporting privacy-related litigation - we advise clients who are bringing or defending civil actions for breach of data protection, breach of confidence and for misuse of private information. We defend clients under investigation for criminal offences related to unlawful use of personal information. We also support victims of data crime or those who have acted as witnesses in criminal investigations.
- The UK General Data Protection Regulation (GDPR) - we understand how the GDPR impacts UK businesses and are working with clients to lead efforts on their GDPR and cyber-security compliance programmes.
- Training and updates - we offer bespoke on-site training on data protection and cybersecurity issues. Our wider programme of training and legal updates also enables you to stay informed on developments in privacy laws and guidance.
- Responding to and undertaking law enforcement requests for access to personal data - we advise on managing requests for information from a wide range of law enforcement bodies. We have advised clients on complying with mandatory and discretionary requests.
- Data protection audit - we offer a range of auditing services advising organisations on their internal approach to data protection and privacy and data breach. We manage the registration and renewal process for notifications with the Information Commissioner’s Office.
A major insurance provider
Advising a major insurance provider in relation to: (i) an audit of its existing affinity partnership agreements and associated marketing arrangements and (ii) developing a new form of affinity partnership agreement and in-house practices to demonstrate enhanced compliance with data protection and regulatory requirements. The work is important to our client as it relates to a growth area of the business and potential new marketing channels.
A national public body
Advising a national public body on its policy in dealing with FOI requests. The client received confidential information alleging the misuse of public money and was concerned to ensure it was able to keep the identity of those providing such information confidential.
An international consulting business
Undertaking a global data privacy compliance audit for an international consulting business headquartered in the US, with employees in 40 countries and operations in over 100 countries - working to understand its data flows, data maps and international data transfers.
A leading international luxury retail brand
Advising a leading international luxury retail brand on the data protection aspects of the creation and rollout of a paper and electronic customer information card which will be used worldwide and is designed to capture shoppers’ personal data.
"Great service and lovely people. Never made to feel that I should know something when I don't!"
"They have excellent visibility in the market, with useful contacts and vast experience of working within our sector. They have also responded quickly to every request we have made."
You may be interested in...
Progress on the Automated Vehicles Bill
Data protection in higher education: what to expect in 2024
The rise of AI in construction
In Person Event
Government foreshadows significant savings for public bodies as part of data protection overhaul
ICO consultation on transparency in health and social care
How to mitigate risk in disputes arising from AI use in technology projects
Monitoring workers – ICO guidance
ICO consultation on fertility tracking apps
UK: Legal issues with deepfakes
New guidance for employers on subject access requests published by the ICO
Ali Round 2 - High Court gives further guidance on causation and quantum for data breaches
Browne Jacobson welcomes former ICO lawyer to support growing UK&I data privacy and tech practice
Update on data protection claims - Austrian Post Case
Browne Jacobson launches specialist Ascensus programme for in house lawyers and business leaders
Mopping up after a leak – how businesses can take steps to protect their confidential information
Cyber security and data breaches
Update on the Digital Services Act (“DSA”) – Important Dates and Deadlines Looming
Government publishes its proposals for expanding the Scope of the Network and Information Systems Regulations 2018
Protecting children and their data in the online environment
Bruce Willis AI and the problem with deepfakes
A deepfake of Bruce Willis is advertising Russian mobile phones. Many great artistic and metaphysical questions are raised by this performance. However, this article is going to look at the intellectual property law implications, from a UK perspective.
DSA approved: Targeted Advertising Rules explained
Economic crime and cybercrime
It is clear that the digital landscape, often termed cyberspace, is a man-made environment, in which human behaviour dominates and where technology both influences and aids our role in it — through the internet, telecoms and networked computer systems, which are often interdependent. The extent to which any organisation is potentially vulnerable to cyber-attack depends on how well these elements are aligned.
Data reform in the UK
Since the UK left the EU and are now able to move away from the EU data protection regime, the UK government have implemented a national data strategy with the aim of reducing the burden on organisations but maintaining a high data protection standard.
Are local authority companies subject to the Freedom of Information Act 2000?
In this article we look at local authority companies and whether they are subject to the Freedom of Information Act 2000. And for those that are, what information are they legally obliged to submit.
Digital Markets Act and Data Platforms - FRANDs for life?
The Digital Markets Act (the “DMA”) joins the dots between competition law and data protection law and actively targets data-driven platforms. It is also a comprehensive regulation to take note of, with familiar GDPR-style fines tied to turnover.
Avoiding the pitfalls of WhatsApp
The use of social media platforms and applications can have overwhelmingly positive benefits for public bodies. However, regulatory action recently taken by the Information Commissioner, has highlighted various pitfalls that public bodies should seek to avoid if allowing staff to use social media as a communication tool.
ICO consultation on research provisions guidance
The data protection legislation (namely, the UK GDPR and Data Protection Act 2018) contain various provisions that deal with the processing of personal data for research purposes.
More good news for data controllers: High Court finds local authority not vicariously liable for the actions of social worker who went off on a "frolic of her own"
Five top tips for strong data compliance in 2022
This article has five excellent top tips for strong data compliance in 2022, including; embracing near misses, leading from the top, outcomes-focused training, learning walks, consequences.
Stemming the tide of data breach claims: good news for data controllers
The cases summarised give considerable comfort to data controllers seeking to defend themselves against claims that relate to breaches arising as a result of a failure rather than a direct act and/or are based on assertions of damage or distress that are exaggerated, unsubstantiated or bear little relation to the breach itself.
Reaction: Supreme Court rules in favour of Google
What are the requirements of cookie law
Cookies and similar technologies are a useful and often necessary tool for online businesses, but their use is governed by both the Privacy and Electronic Communications Regulations (PECR) and the GDPR.
Steps to take following a data breach: reporting, criminal charges and injunctions
Student and staff files will be full of personal data, much of which may be particularly sensitive such as health information (known under the data protection legislation as “special category” data).
Confidential information and subject access disclosure
In February 2021, the High Court handed down judgment London Borough of Lambeth v AM (No. 2)  EWHC 186 (QB), in which Browne Jacobson LLP acted for the Claimant Council. The judgment is critical reading for public bodies who are required to take action to restrict the use of confidential information in circumstances where that information has been inadvertently disclosed to a third-party.
Lloyd v Google – what next?
The Supreme Court’s pending decision could potentially open the floodgates for data privacy litigation going forward.
Claims club - 16 June 2021
High Court grants local authority injunction to prevent breach of confidence
This judgment is critical reading for public bodies who need to take action to restrain the use of confidential information in circumstances where that information has been inadvertently disclosed to a third party.
Brexit - now what for data protection law?
UK organisations need to comply with the UK GDPR and continue to be subject to the EU GDPR where EU data is being processed, so there may be two versions of the GDPR to comply with for some personal data processing.