*/
By Rosemary Jay
Published by Sweet & Maxwell (2020)
ISBN 978-0414070967
Reviewed by Anya Proops QC
There can be few practising lawyers today who are unaware of the importance of the law on data protection. What was once seen as a back-office concern of little relevance to most practitioners, has now revealed itself as legal regime that is red in tooth and claw, certainly when judged from the perspective of those who control or otherwise process personal data. Whether you are grappling with the potentially significant burdens of the subject access regime, trying to work out how your client can lawfully effect mass cross-border data transfers, seeking to manage vast data breach class actions, working out whether some ingenious new AI poses untenable data privacy risks or even just trying to work out what kind of information will amount to ‘personal data’, the laws on data protection can present enormous challenges, but also significant opportunities for practitioners.
How, then, to navigate the legal maze that presents itself in the shape of the current data protection regime, lorded over as it is by the behemoth that is the General Data Protection Regulation? For most practitioners in the know, there is in truth only one answer to that question, which is that one needs to turn to Rosemary Jay’s excellent Data Protection: Law and Practice, the fifth edition of which has just been published.
Running to an impressive 1,630 pages, this is a book which not only addresses detailed issues concerning the operation of this complex and often seemingly impenetrable regime but also importantly seeks to ensure that practitioners see ‘the big picture’, both in terms of the social policy aims that underpin the legislation and in terms of the interplay between the various different EU and domestic laws comprised within that regime. These are important considerations. The complexity and wide-ranging nature of the regime is such that it all to easy to lose sight of what it is actually looking to achieve, which in turn affects the quality of the advice given. Moreover, it is no good seeking to advise on the full range of data protection issues if you don’t have a grasp of the way in which the GDPR interacts with other relevant EU law regimes, such as the E-commerce regime or the privacy and electronic communications (PEC) regime.
Consistent with earlier editions, this book is well-researched, easy to read and highly informative. It covers all the important topics, including those that many who are new to the field may not have appreciated were an issue. As well as providing a detailed overview of the key principles, there are also discrete thematic sections that address some of the key issues confronting clients. Thus, for example, there are sections on: security obligations and breach notifications; overseas transfers; transparency obligations; subject access; freedom of expression; criminal offences; the PEC regime (particularly important when it comes to marketing activities); national security and criminal law enforcement exemptions; complaints, judicial remedies and compensation actions; administrative penalties; the role and powers of the Information Commissioner and international cooperation and the European Data Protection Board. These sections carefully guide readers through the key issues, frankly acknowledging those very many areas where the law remains unclear.
Of course, post-Brexit, the future of data protection, at least in this jurisdiction, remains shrouded in considerable uncertainty, a point reflected upon throughout the book. Indeed, if recent government policy statements are anything to go by, it is realistic to suppose that, at some point in the future, the regime in the UK may undergo a significant sea-change, with the result that we will all need to adjust our thinking. The notion that, in a post-COVID world, the government may seek to recalibrate the domestic data protection regime so as to make it less onerous for business, and more attractive in particular to the tech sector, is not beyond the realms of imagination. However, for now, Ms Jay’s book presents itself as one of the best, if not the best, guides to the current legal terrain.
There can be few practising lawyers today who are unaware of the importance of the law on data protection. What was once seen as a back-office concern of little relevance to most practitioners, has now revealed itself as legal regime that is red in tooth and claw, certainly when judged from the perspective of those who control or otherwise process personal data. Whether you are grappling with the potentially significant burdens of the subject access regime, trying to work out how your client can lawfully effect mass cross-border data transfers, seeking to manage vast data breach class actions, working out whether some ingenious new AI poses untenable data privacy risks or even just trying to work out what kind of information will amount to ‘personal data’, the laws on data protection can present enormous challenges, but also significant opportunities for practitioners.
How, then, to navigate the legal maze that presents itself in the shape of the current data protection regime, lorded over as it is by the behemoth that is the General Data Protection Regulation? For most practitioners in the know, there is in truth only one answer to that question, which is that one needs to turn to Rosemary Jay’s excellent Data Protection: Law and Practice, the fifth edition of which has just been published.
Running to an impressive 1,630 pages, this is a book which not only addresses detailed issues concerning the operation of this complex and often seemingly impenetrable regime but also importantly seeks to ensure that practitioners see ‘the big picture’, both in terms of the social policy aims that underpin the legislation and in terms of the interplay between the various different EU and domestic laws comprised within that regime. These are important considerations. The complexity and wide-ranging nature of the regime is such that it all to easy to lose sight of what it is actually looking to achieve, which in turn affects the quality of the advice given. Moreover, it is no good seeking to advise on the full range of data protection issues if you don’t have a grasp of the way in which the GDPR interacts with other relevant EU law regimes, such as the E-commerce regime or the privacy and electronic communications (PEC) regime.
Consistent with earlier editions, this book is well-researched, easy to read and highly informative. It covers all the important topics, including those that many who are new to the field may not have appreciated were an issue. As well as providing a detailed overview of the key principles, there are also discrete thematic sections that address some of the key issues confronting clients. Thus, for example, there are sections on: security obligations and breach notifications; overseas transfers; transparency obligations; subject access; freedom of expression; criminal offences; the PEC regime (particularly important when it comes to marketing activities); national security and criminal law enforcement exemptions; complaints, judicial remedies and compensation actions; administrative penalties; the role and powers of the Information Commissioner and international cooperation and the European Data Protection Board. These sections carefully guide readers through the key issues, frankly acknowledging those very many areas where the law remains unclear.
Of course, post-Brexit, the future of data protection, at least in this jurisdiction, remains shrouded in considerable uncertainty, a point reflected upon throughout the book. Indeed, if recent government policy statements are anything to go by, it is realistic to suppose that, at some point in the future, the regime in the UK may undergo a significant sea-change, with the result that we will all need to adjust our thinking. The notion that, in a post-COVID world, the government may seek to recalibrate the domestic data protection regime so as to make it less onerous for business, and more attractive in particular to the tech sector, is not beyond the realms of imagination. However, for now, Ms Jay’s book presents itself as one of the best, if not the best, guides to the current legal terrain.
By Rosemary Jay
Published by Sweet & Maxwell (2020)
ISBN 978-0414070967
Reviewed by Anya Proops QC
By Derek Sweeting QC
What should barristers be doing on the personal finance front ahead of the end of the tax year on 5 April? Julian Morgan of Fleet Street Wealth answers your questions
Are you ready to embark on this arduous but potentially rewarding journey? Julie Gottlieb of Sherwood PSF Consulting provides a self-examination checklist, hints and tips to help you prepare for a future application
Unlocking your aged debt to augment cash flow in one easy step… By Philip N Bristow of Vector Professions Finance
Aejaz Mussa and Bethany Wong explain how ONELAW CHAMBERS' expert solicitors and barristers are shaping the legal industry during these unprecedented times and are prepared for the post-COVID era
By Alexander Sverdlov
By Derek Sweeting QC
Launched just before Lockdown One, Hannah Markham QC charts a year in the life of the WiFL forum – plus WiFL’s plans to spearhead its next year of inspirational women
What should barristers be doing on the personal finance front ahead of the end of the tax year on 5 April? Julian Morgan of Fleet Street Wealth answers your questions
The problem with ambition is when we tie it to the wrong destination... something with which lawyers commonly struggle, says Helen Conway
Are high achievers their own worst enemies when it comes to self-doubt? Nikki Alderson offers ten strategies to help you overcome imposter syndrome and achieve your goals