
Kelly McMullon
Kelly McMullon is an associate in the Labor & Employment Law Department and member of the International Labor & Employment Group.
Kelly assists clients in a wide range of contentious and non-contentious labor and employment law matters including claims for unfair dismissal, discrimination and whistleblowing in a variety of sectors such as financial services, retail and information technology.
Subscribe to all posts by Kelly McMullon
A new legal mechanism to allow for transfers of personal data between the EU and the U.S. is now advancing after an October 7th, 2022 Executive Order was issued by U.S. President Biden (the “Executive Order”). The new mechanism is referred to as the EU-U.S. Data Privacy Framework (the “Framework”) and is intended to replace … Continue Reading
The UK Supreme Court handed down its much-anticipated decision in the Lloyd v Google LLC [2021] UKSC 50 case on 10 November 2021 restricting claimants’ ability to bring data privacy class actions in the UK under the (now repealed) Data Protection Act 1998 (DPA 1998). This decision will be persuasive (though not binding) with respect … Continue Reading
The final version of the new standard contractual clauses (“SCCs”) were published by the European Commission on June 4, 2021. Many organizations that transfer or receive personal data originating in the European Economic Area (“EEA”) outside the EEA will be required to implement these SCCs with their customers, suppliers and affiliates by December 2022 to … Continue Reading
It has been reported that European Commission will publish the final versions of new forms of Standard Contractual Clauses (“SCCs”) shortly (even potentially within the next few days). The Commission published draft versions of these SCCs and the implementing Commission Decisions in December 2020. These new SCCs are, arguably, the most significant development in European … Continue Reading
This alert focuses on the ongoing and developing privacy issues that have arisen for employers and healthcare providers communicating about the 2019 novel coronavirus (COVID-19). Specifically, we will discuss the steps that employers and healthcare companies need to consider when communicating to its employees, the media and general public, and government officials when an individual … Continue Reading
GDPR fines are seemingly like buses, you wait over a year for enforcement action by the UK’s data supervisory authority, the ICO, and then two come along at once – and with quite dramatic effect.… Continue Reading
With less than a month to go until the UK is due to leave the EU (at 11pm GMT/12pm CET on 29 March 2019), there is still much uncertainty as to whether, and if so how, the UK will exit the EU (commonly dubbed “Brexit”). In light of this uncertainty we outline what will happen, … Continue Reading
The General Data Protection Regulation (GDPR) comes into force across the European Union (EU) on 25 May 2018. It will have an impact on EU fund managers and may have an impact on non-EU fund managers depending on their operations. Below are FAQs to help EU and non-EU fund managers determine the extent to which the … Continue Reading
The European Commission has released proposals for new legislation that seeks to create stronger privacy in electronic communications. The draft Privacy and Electronic Communications Regulation (the “Regulation”) is intended to replace the ePrivacy Directive (2002/58/EC) and will also bring the law in line with the new rules as set out in the General Data Protection … Continue Reading
The CJEU (the European Union Court of Justice) has handed down a decision which makes clear that general and indiscriminate retention of electronic communications is unlawful. National legislation of each European Member State should ensure that mass surveillance only occurs where it is strictly necessary in order to combat serious crime as well as terrorism … Continue Reading
TalkTalk, a major UK telecoms company, has been fined £400,000 for a data breach after they were hacked. This is a record fine given by the ICO (the UK’s data protection authority). Significantly the fine was imposed after a change of leadership this summer when Elizabeth Denham (previously the Information Commissioner in the Canadian province of … Continue Reading
The European Parliament has approved the reformed General Data Protection Regulation (the “GDPR”). Given this is a Regulation (rather than a Directive), this legislation will apply automatically in every Member State (without need for additional domestic legislation) when it comes into force on May 25 2018. Many of the requirements are similar to those set … Continue Reading
EU-U.S. and UK-U.S. Data Transfer Deals Advance with White House Executive Order
By Ryan P. Blaney, Vishnu V. Shankar, Kelly McMullon and Vincent J. Tennant on Posted in Data Privacy Laws, European Union, GDPR, Privacy Law
UK Supreme Court Landmark Decision Limits Data Privacy Class Actions in the UK
Navigating the New Standard Contractual Clauses for International Data Transfers under the GDPR
By Ryan P. Blaney, Vishnu V. Shankar and Kelly McMullon on Posted in Cybersecurity, Data Privacy Laws, GDPR, International, Privacy Law
Preparing for the Final Version of the New EU Standard Contractual Clauses for International Data Transfers
By Vishnu V. Shankar, Kelly McMullon and Ryan P. Blaney on Posted in Data Privacy Laws, European Union, GDPR, Legislation, Privacy Law
Privacy Considerations for Employers and Health Care Providers When Communicating about Coronavirus-Infected Individuals
By Kelly McMullon, Mathilde Pépin and Ryan P. Blaney on Posted in HIPAA, Privacy Law, Workplace Privacy
ICO Issues First Intentions to Fine Under the GDPR
By Kelly McMullon on Posted in Data Privacy Laws, European Union, GDPR
What Does Brexit Mean for Data Protection?
By Kelly McMullon on Posted in Cybersecurity, Data Privacy Laws, European Union
GDPR FAQ’s for Fund Managers
By Kristen J. Mathews and Kelly McMullon on Posted in Data Privacy Laws, European Union
Draft Privacy and Electronic Communications Regulation published by European Commission
CJEU holds that mass surveillance must not be general and indiscriminate
TalkTalk handed record fine in data protection breach in the UK
By Daniel Ornstein and Kelly McMullon on Posted in Data Breaches, Data Privacy Laws, European Union, International
An Overview of the New General Data Protection Regulation
By Daniel Ornstein and Kelly McMullon on Posted in Data Privacy Laws, European Union