Data & Privacy
Cyber_Bytes - Issue 6 2020
Welcome to Cyber_Bytes, a round up of key developments in cyber, tech and evolving risks over the first month of 2020.
Read moreCyber_Bytes - Issue 5 2019
Welcome to Cyber_Bytes, a bi-weekly roundup of key developments in cyber, tech and evolving risks.
Read moreCyber_Bytes - Issue 4 2019
Welcome to Cyber_Bytes, a round up of key developments in cyber, tech and evolving risks over the last two weeks.
Read moreNo Deal Brexit – implications for data and privacy law compliance
The Brexit rollercoaster ride continues. At the time of writing, the UK and EU have just announced the agreement of a new withdrawal deal but there are serious doubts about whether it will be backed by Parliament. Despite the requirements of the Benn Act, the risk of the UK leaving the EU without a deal continues to be a concern.
Read morePushing back on APP scams
An Authorised Push Payment (APP) is where a payer instructs their payment service provider, such as their bank, to send money from their account to another. These payments are usually made through the Faster Payment Service or CHAPS.
Read moreThe latest cyber stats revealed (the Cyber Security Breaches Survey 2019)
Whilst cyber attacks decrease, the threats to businesses remain. We give you the Cyber Security Breaches Survey 2019.
Read moreSeeking the "right regulation" of digital services: Lords' Communications Committee articulates its vision
In 2018, Mark Zuckerberg, Facebook's CEO, told the US Senate Judiciary Committee that the question was no longer whether there should be regulation of the internet, but what is the right regulation.
Read moreLove (or hate) Data?
Personal Data and Special Category Personal Data – what has changed? "The course of true love never did run smooth" - Shakespeare, W., A Midsummer Night's Dream The definition of personal data is obviously fundamental to the General Data Protection Regulation (GDPR). When considering data protection, your first question should always be – 'is this data personal data?'
Read moreHappy Valentine's Day from RPC: Love (or hate) data?
So it is that time of year again. Love is in the air - roses, prosecco (if you're lucky, champagne), chocolates (in boxes covered in sickly hearts as though a heart surgeon has gone serial killer – yes, we're big fans of Luther).
Read moreGDPR and the Data Protection Act 2018 – how do they impact publishers?
The need for publishers to ensure that their processing of personal data complies with the law is more important than ever.
Read moreVicarious liability of data controllers: The Morrisons data breach case
Following the conviction of Andrew Skelton, a former Morrisons employee, after he published Morrisons’ employees’ personal details on a file sharing website, a group of over 5,500 employees of Morrisons took action against the supermarket to recover compensation for breach of a statutory duty under the UK Data Protection Act 1998 (‘DPA’), as well as for breach of confidence and misuse of private information.
Read moreThorny issues of jurisdiction and claim form service laid bare by High Court
In Howard Kennedy v The National Trust for Scotland [2017] EWHC 3368 (QB), the High Court considered two complex issues: one relating to the doctrine of forum non conveniens and the other to the CPR provisions on service of a claim form. In his judgment, handed down yesterday, Sir David Eady stayed the action in England & Wales on the basis that Scotland is the more appropriate forum. He also provided guidance on the tricky interplay between deemed and actual service of a claim form, ultimately holding that the claim form in this case had been validly served in time.
Read moreGovernment sets out details of new data protection legislation
The Government has today published a Statement of Intent setting out details of the forthcoming Data Protection Bill. Matt Hancock MP, the Digital Minister, says that the reforms will "bring our data protection law up to date" whilst transferring the General Data Protection Regulation ('GDPR') into domestic law. The text of the Data Protection Bill is expected in early September.
Read moreWhen can publishing newspaper articles amount to harassment?
The High Court has struck out part of a harassment claim against the publisher of the Daily Mail and Mail Online. Unless the Judge's order is successfully appealed, the remaining harassment claim will proceed to trial.
Read moreSupreme Court endorses open justice principle
The Supreme Court has handed down its much anticipated judgment on reporting restrictions and the principle of open Justice in the case Khuja (formally PNM) v Times Newspapers Limited.
Read moreBrevan Howard's gagging order against Reuters upheld by the Court of Appeal in breach of confidence case
The news agency, Reuters, has lost its appeal against an injunction, which prevented it from reporting leaked confidential and commercially sensitive information concerning a leading global alternative asset manager, Brevan Howard Asset Management LLP.
Read moreCFAs and ATE premiums out of the running in freedom of expression cases
Supreme Court tips media organisations' Article 10 rights over obligation to pay claimants' additional liabilities in freedom of expression cases
Read moreEleven more charities fined by ICO in 'wealth screening' probe
The ICO has fined a further eleven charities following an investigation that revealed widespread misuse of donors' personal data.
Read moreSecret 'wealth-screening' by charities breaks data laws
An ICO investigation into charity fundraising practices has led to two charities being fined and eleven being issued with Notices of Intent to fine.
Read moreItalian data protection authority issues fines totalling more than €11m for illegal data processing
The fines are thought to be the highest ever issued by a European data protection authority.
Read moreCouple awarded £17,000 damages for distress caused by neighbour's CCTV surveillance
The compensation is an example of the rise of "distress" claims as a result of breaches of the Data Protection Act 1998 (DPA).
Read moreBrexit does not spell the end of the GDPR
The General Data Protection Regulation (the GDPR) is due to become law on 25 May 2018. As this will be before “Brexit” (Britain’s exit from the EU) takes effect, the GDPR will apply in the UK from that date.
Read moreInvestigatory Powers Act gets royal assent
This week, the Queen gave royal assent to the Investigatory Powers Bill (aka "The Snoopers Charter"), marking the end of the controversial bill's passage into law.
Read moreICO issues record £400,000 fine for TalkTalk data breach
The record fine is an indication that the new Information Commissioner, Elizabeth Denham, is looking to take a robust approach to enforcement ahead of the introduction of the GDPR in May 2018.
Read moreMax Schrems toppled Safe Harbor – will the Model Clauses be next?
On Monday, the Irish Data Protection Commissioner announced that it intends to seek clarification on the legal status of the EU Standard Contractual Clauses (the Model Clauses).
Read moreICO updates Direct Marketing Guidance
On 24 March 2016 the Information Commissioner's Office (ICO) published a long-awaited update to its Direct Marketing Guidance (the Guidance).
Read moreCofA injuncts revelation of celebrity's extramarital threesome
The Court of Appeal has granted a privacy injunction (its first since 2011) to prevent the Sun on Sunday revealing details of a well-known entertainer’s extramarital threesome (PJS v News Group Newspapers Ltd [2016] EWCA Civ 100).
Read moreChanges to data protection regulation – what could it mean for you?
The new General Data Protection Regulation fundamentally rewrites the way data processing happens across the EU. Hear more from Olly Bray.
Read moreRPC hosts seminar on 'Data Privacy and the Media'
On 28 January 2016, RPC hosted a 'Question Time' style panel discussion for a range of media lawyers on data protection and its particular relevance to the media industry and media companies.
Read moreDaily Telegraph publisher fined £30k for general election email campaign
On 15 December 2015 the Information Commissioner's Office (ICO) issued Telegraph Media Group Limited (the Telegraph) with a Monetary Penalty Notice
Read moreNew EU data protection rules (finally!) agreed
On the 17th of December, and after much negotiation, a final draft of the new General Data Protection Regulation (GDPR) was approved by the Civil Liberties, Justice and Home Affairs (LIBE) committee of the European Parliament.
Read moreNational Grid hit with £2m fine for health and safety breach
A sign of things to come?
Read moreSerbian forum shopper in disclosure breach of duty has privacy and libel action struck out
On 23 November 2015 Sir Michael Tugendhat set aside an order for service out of the jurisdiction of proceedings for the misuse of private information and libel which had been made by Master Roberts on 31 March 2015 in respect of an article in Politika,
Read moreTwitter found unsuitable means of communicating FOI request
The First Tier Tribunal (Information Rights) (the Tribunal) has held that a request under the Freedom of Information Act 2000 made via Twitter is not valid.
Read moreTim Yeo loses libel action against Sunday Times
The High Court has today dismissed an action by Tim Yeo, the former MP for South Suffolk and Chairman of the Energy and Climate Change Select Committee, against Times Newspapers Limited in an important judgment on the Reynolds defence and the scope of politicians' Article 8 rights.
Read moreCofA upholds privacy claim by Paul Weller family
The Court of Appeal has upheld a High Court finding that the publishers of Mail Online infringed the privacy of three of Paul Weller's children by publishing unpixellated pictures of them on a family shopping trip in LA.
Read moreData leaks - a portent of the future?
The Culture, Media and Sport Committee have launched an inquiry in the wake of the recent cyber-attack on the TalkTalk website on 21 October,
Read more18 months on - the ICO reflects on Google Spain
The ICO has recently blogged on the cases it has received in the year and a half since the Google Spain decision last May.
Read moreDraft Investigatory Powers Bill unveiled
The draft Investigatory Powers Bill was laid before Parliament on Wednesday and leading political figures have already been attempting to calm fears surrounding the so-called 'snooper's charter'.
Read moreEU court declares 'safe harbor' data-transfer agreement invalid
The Court of Justice of the EU (CJEU) has declared that the "Safe Harbor" framework agreement cannot be relied upon to justify transfers of personal data from the EU to the US.
Read morePrivacy rights when you don’t expect them - the case of JR38
Yesterday, the Supreme Court unanimously dismissed an appeal by an Appellant involved in rioting in Derry in 2014.
Read moreMGN appeals against hacking awards in Gulati case
MGN today sought permission to appeal against the very large awards of damages made by Mr Justice Mann in the eight test claims in the hacking litigation arising out of voicemail interception at Mirror Group Newspapers.
Read moreThe future of "Safe Harbour"
The future of the “Safe Harbor” is uncertain. Questions about its effectiveness have been brought to the fore in the wake of the privacy and data security scandal that followed Edward Snowden’s revelations about surveillance by US government agencies.
Read moreSize doesn't matter: regulating "big data" in a "small data" world
Big data is everywhere. Once the preserve of innovators and technology entrepreneurs, big data analysis is now routinely used by a wide range of public and private sector organisations. It’s a tool for planning, resource management and gaining competitive advantage.
Read moreCompensation for "distress-only" claims under DPA
In an important ruling, the Court of Appeal confirms that the cause of action for misuse of private information is a tort and rules on the meaning of “damage” under s13 of the Data Protection Act, allowing claimants to recover compensation for “distress” resulting from a breach of the Act without also having to prove pecuniary losses.
Read moreGoogle v Vidal-Hall: the rise and rise of data protection rights
In an important decision handed down on Friday, the Court of Appeal confirmed that misuse of private information is a tort, and that claimants may recover damages under the Data Protection Act 1998 (the "DPA") for distress without also proving pecuniary losses.
Read more91 year-old activist and angry neighbour: Supreme Court looks at police retention of personal data
Case report: R (Catt) v Commissioner of Police of the Metropolis and ACPO and R (T) v Commissioner of Police of the Metropolis [2015] UKSC 9
Read moreApps: regulators globally push for data transparency
“Not in front of the telly: Warning over ‘listening’ TV”.
Read more