7LAW1073 Data Protection Law

Assessment Question:

Make a critical analysis of a subject matter e.g. a case, news, incident, a company’s terms and conditions or code of conduct, data protection or privacy policy, or practice from a private or public sector, illustrating infringementof consent or transparency requirements in relation to processing of personal data. Your analysis needs to include

• summary of the facts of the chosen subject matter,
• brief analysis of applicable provisions of the General Protection Data Regulation 2018 (EU) 2016/679 (GDPR),
• identification of the source of problems in view of the applicable law, and
• solutions that should apply (or were applied) to respond to the problems identified and/or to deter similar problems from happening in future.

Please ensure that the infringement at stake is related to at least two GDPR provisions and substantiate your analysis with examination of appropriatesafeguards given the characteristic features of the chosen subject matter. In your analysisconsider the data protection law rules and principles, along with the case law where appropriate, that are closely related tothe‘informed consent’ and ‘transparency’ requirementsfor the processing of personal data.

You are free to select any case, news, incident, company terms and conditions or code of conduct, data protection or privacy policy, or sector practice other than those specifically examined in the initial three weekly units. A non-exhaustive list of examples is given below:

R (Bridges) v Chief Constable of South Wales Police and Others [2020] EWCA Civ 1058.

Royal Free London NHS Foundation-Google DeepMind partnership (2017)

Cambridge Analytica Scandal (2016)

COVID-19 pandemic measures, either at governmental or local or corporate level

An app’s terms and conditions

A utility’s or phone company’s data protection policy

A car insurance policy

Disclosure obligations in a contract (e.g. tenancy agreement)

A loan scheme or mortgage agreement