As the year draws to a close, reform of the data subject access request (DSAR) regime in the EU and the UK may turn out to be a welcome gift for organisations grappling with complex access requests. Regulators in both jurisdictions are signalling a more flexible, pragmatic approach to compliance, recognising that DSARs have often been exploited for tactical or disruptive ends.
Continue Reading On the Eleventh Day of Data… Unwrapping DSARs in 2026

The publication of the EU Digital Omnibus Proposal (“Omnibus”) on 19 November set out a two-part package of simplifications to its data protection rulebook. Pitched as a means to reduce regulatory friction and foster innovation, the initiative represents the EU’s ambition to reap the benefits of the digital revolution.

Following the Draghi report’s warning that the EU was trailing behind US and Chinese markets due to overregulation, the EU has course corrected its approach to digital regulation, overhauling its flagship data legislation to strengthen its position in the global market. The Omnibus thus forms part of the Commission’s wider promise to reduce administrative burdens by at least 25% for all businesses—and at least 35% for small and medium-sized enterprises (“SMEs”)—by 2029.
Continue Reading On the Third Day of Data… This Omnibus Is on a Diversion: Highlights of the EU’s Digital Omnibus Proposal

The recent High Court case of London Borough of Lambeth v A.M. offers a salutary lesson in the importance of properly redacting documents. This issue comes up more than you’d think – and certainly more than it should.

You’ll recall that, in the spirit of transparency, the European Commission recently publicized a heavily redacted version of its AstraZeneca COVID-19 vaccine contract. The problem was that the Commission had been too transparent – literally. All of the redacted content in the contract could be viewed by simply using the bookmark tool in Adobe Acrobat’s Reader. Redactio ad absurdum.
Continue Reading When [Blank] Goes Wrong