On 1 April 2020, the Supreme Court ruled that Morrisons is not vicariously liable for its employee’s criminal act of leaking payroll data of nearly 100,000 colleagues.
The Court overturned the 2018 Court of Appeal judgment which held Morrisons indirectly responsible for Mr Skelton’s acts, even though he committed them outside of work. The judgment, if upheld, would have
As we enter 2020, we consider what we expect to be on the data protection agenda this year.
More fines from the ICO?
In 2019, we saw the ICO issue two intentions to fine Marriott and British Airways in the sums of £99,200,396 and £183,390,000 respectively. Crucially, these are currently only intentions to fine and so we will await to
The ICO has prepared the code of conduct as required by s122 of the Data Protection Act 2018 and the ICO anticipates that the final version will be finalised later this year. The draft code covers direct marketing messages, online advertising and selling data.
In relation to direct marketing, the code reminds public sector bodies that rules on direct marketing
The ICO has recently published draft guidance about the special considerations that must be given to the rights of children under the General Data Protection Regulation. In 2017, Ofcom reported that 53% of children aged 3-4 access the internet and that figure reaches 99% for those aged 12 to 15 (Ofcom, Children and Parents: Media Use and Attitudes Report,
Procurement Policy Note 03/17 (Changes to Data Protection Legislation & General Data Protection Regulation) provides draft provisions to be added to new and current contracts to reflect the new requirements of the General Data Protection Regulation. The PPN is applicable to central government departments, executive agencies and non-departmental public bodies. However other public bodies may also find the guidance helpful