*/
By Rosemary Jay
Published by Sweet & Maxwell (2020)
ISBN 978-0414070967
Reviewed by Anya Proops QC
There can be few practising lawyers today who are unaware of the importance of the law on data protection. What was once seen as a back-office concern of little relevance to most practitioners, has now revealed itself as legal regime that is red in tooth and claw, certainly when judged from the perspective of those who control or otherwise process personal data. Whether you are grappling with the potentially significant burdens of the subject access regime, trying to work out how your client can lawfully effect mass cross-border data transfers, seeking to manage vast data breach class actions, working out whether some ingenious new AI poses untenable data privacy risks or even just trying to work out what kind of information will amount to ‘personal data’, the laws on data protection can present enormous challenges, but also significant opportunities for practitioners.
How, then, to navigate the legal maze that presents itself in the shape of the current data protection regime, lorded over as it is by the behemoth that is the General Data Protection Regulation? For most practitioners in the know, there is in truth only one answer to that question, which is that one needs to turn to Rosemary Jay’s excellent Data Protection: Law and Practice, the fifth edition of which has just been published.
Running to an impressive 1,630 pages, this is a book which not only addresses detailed issues concerning the operation of this complex and often seemingly impenetrable regime but also importantly seeks to ensure that practitioners see ‘the big picture’, both in terms of the social policy aims that underpin the legislation and in terms of the interplay between the various different EU and domestic laws comprised within that regime. These are important considerations. The complexity and wide-ranging nature of the regime is such that it all to easy to lose sight of what it is actually looking to achieve, which in turn affects the quality of the advice given. Moreover, it is no good seeking to advise on the full range of data protection issues if you don’t have a grasp of the way in which the GDPR interacts with other relevant EU law regimes, such as the E-commerce regime or the privacy and electronic communications (PEC) regime.
Consistent with earlier editions, this book is well-researched, easy to read and highly informative. It covers all the important topics, including those that many who are new to the field may not have appreciated were an issue. As well as providing a detailed overview of the key principles, there are also discrete thematic sections that address some of the key issues confronting clients. Thus, for example, there are sections on: security obligations and breach notifications; overseas transfers; transparency obligations; subject access; freedom of expression; criminal offences; the PEC regime (particularly important when it comes to marketing activities); national security and criminal law enforcement exemptions; complaints, judicial remedies and compensation actions; administrative penalties; the role and powers of the Information Commissioner and international cooperation and the European Data Protection Board. These sections carefully guide readers through the key issues, frankly acknowledging those very many areas where the law remains unclear.
Of course, post-Brexit, the future of data protection, at least in this jurisdiction, remains shrouded in considerable uncertainty, a point reflected upon throughout the book. Indeed, if recent government policy statements are anything to go by, it is realistic to suppose that, at some point in the future, the regime in the UK may undergo a significant sea-change, with the result that we will all need to adjust our thinking. The notion that, in a post-COVID world, the government may seek to recalibrate the domestic data protection regime so as to make it less onerous for business, and more attractive in particular to the tech sector, is not beyond the realms of imagination. However, for now, Ms Jay’s book presents itself as one of the best, if not the best, guides to the current legal terrain.
Anya Proops KC is a barrister specialising in privacy, media and data protection at 11KBW.
There can be few practising lawyers today who are unaware of the importance of the law on data protection. What was once seen as a back-office concern of little relevance to most practitioners, has now revealed itself as legal regime that is red in tooth and claw, certainly when judged from the perspective of those who control or otherwise process personal data. Whether you are grappling with the potentially significant burdens of the subject access regime, trying to work out how your client can lawfully effect mass cross-border data transfers, seeking to manage vast data breach class actions, working out whether some ingenious new AI poses untenable data privacy risks or even just trying to work out what kind of information will amount to ‘personal data’, the laws on data protection can present enormous challenges, but also significant opportunities for practitioners.
How, then, to navigate the legal maze that presents itself in the shape of the current data protection regime, lorded over as it is by the behemoth that is the General Data Protection Regulation? For most practitioners in the know, there is in truth only one answer to that question, which is that one needs to turn to Rosemary Jay’s excellent Data Protection: Law and Practice, the fifth edition of which has just been published.
Running to an impressive 1,630 pages, this is a book which not only addresses detailed issues concerning the operation of this complex and often seemingly impenetrable regime but also importantly seeks to ensure that practitioners see ‘the big picture’, both in terms of the social policy aims that underpin the legislation and in terms of the interplay between the various different EU and domestic laws comprised within that regime. These are important considerations. The complexity and wide-ranging nature of the regime is such that it all to easy to lose sight of what it is actually looking to achieve, which in turn affects the quality of the advice given. Moreover, it is no good seeking to advise on the full range of data protection issues if you don’t have a grasp of the way in which the GDPR interacts with other relevant EU law regimes, such as the E-commerce regime or the privacy and electronic communications (PEC) regime.
Consistent with earlier editions, this book is well-researched, easy to read and highly informative. It covers all the important topics, including those that many who are new to the field may not have appreciated were an issue. As well as providing a detailed overview of the key principles, there are also discrete thematic sections that address some of the key issues confronting clients. Thus, for example, there are sections on: security obligations and breach notifications; overseas transfers; transparency obligations; subject access; freedom of expression; criminal offences; the PEC regime (particularly important when it comes to marketing activities); national security and criminal law enforcement exemptions; complaints, judicial remedies and compensation actions; administrative penalties; the role and powers of the Information Commissioner and international cooperation and the European Data Protection Board. These sections carefully guide readers through the key issues, frankly acknowledging those very many areas where the law remains unclear.
Of course, post-Brexit, the future of data protection, at least in this jurisdiction, remains shrouded in considerable uncertainty, a point reflected upon throughout the book. Indeed, if recent government policy statements are anything to go by, it is realistic to suppose that, at some point in the future, the regime in the UK may undergo a significant sea-change, with the result that we will all need to adjust our thinking. The notion that, in a post-COVID world, the government may seek to recalibrate the domestic data protection regime so as to make it less onerous for business, and more attractive in particular to the tech sector, is not beyond the realms of imagination. However, for now, Ms Jay’s book presents itself as one of the best, if not the best, guides to the current legal terrain.
By Rosemary Jay
Published by Sweet & Maxwell (2020)
ISBN 978-0414070967
Reviewed by Anya Proops QC
Chair of the Bar sets out a busy calendar for the rest of the year
By Louise Crush of Westgate Wealth Management
Examined by Marie Law, Director of Toxicology at AlphaBiolabs
Time is precious for barristers. Every moment spent chasing paperwork, organising diaries, or managing admin is time taken away from what matters most: preparation, advocacy and your clients. That’s where Eden Assistants step in
AlphaBiolabs has announced its latest Giving Back donation to RAY Ceredigion, a grassroots West Wales charity that provides play, learning and community opportunities for families across Ceredigion County
Rachel Davenport, Co-founder and Director at AlphaBiolabs, outlines why barristers, solicitors, judges, social workers and local authorities across the UK trust AlphaBiolabs for court-admissible testing
Through small but meaningful efforts, we can restore the sense of collegiality that has been so sorely eroded, says Baldip Singh
Come in with your eyes open, but don’t let fear cloud the prospect. A view from practice by John Dove
Looking to develop a specialist practice? Mariya Peykova discusses the benefits of secondments and her placement at the Information Commissioner’s Office
Anon Academic explains why he’s leaving the world of English literature for the Bar – after all, the two are not as far apart as they may first seem...
Review by Stephen Cragg KC
