Candy Crush (-es Holyoake)

December 29th, 2017 by Christopher Knight

Readers of this blog will recall an important DPA judgment, particularly on the legal professional privilege exemption, which came out in January 2017 called Holyoake v Candy & CPC [2017] EWHC 52 (QB) (see the blogpost here). That case has, however, involved various pieces of satellite litigation including a 193 page judgment of Nugee J handed down just before Christmas in Holyoake & Hotblack v Candy & Candy & others [2017] EWHC 3397 (Ch). Read more »


Brussels for Christmas: Examining Data Protection

December 28th, 2017 by Christopher Knight

Just in time to be printed and put in your stocking came everyone’s favourite Christmas tradition: a special helping of Brussels. In this case, a judgment of the CJEU in Case C-434/16 Nowak v Data Protection Commissioner (ECLI:EU:C:2017:994) about the application of the Data Protection Directive to examination scripts and examiner comments. Read more »


A Green Willow Must be my Garland

December 28th, 2017 by Christopher Knight

Continuing its consistent run of FOIA judgments which add very little to the jurisprudence is the Court of Appeal’s effort in Willow v Information Commissioner & Ministry of Justice [2017] EWCA Civ 1876. The information requested was a prisoner restraint techniques manual used in youth offender institutions, and the Commissioner and FTT had upheld the application of the section 31(1)(f) exemption, i.e. information prejudicial to the maintenance of security and good order in prisons or other institutions in which people are detained. The Court of Appeal had to consider the public interest balance and the extent to which that was or was not affected by the UN Convention on the Rights of the Child (“UNCRC”) (an unincorporated treaty). Read more »


DPA Convictions

December 28th, 2017 by Christopher Knight

On 6 December a firm of loss adjustors, its director and a senior employee were convicted, alongside private investigators, of a series of offences under s.55 of the Data Protection Act 1998. Read more »


North of the border

December 8th, 2017 by James Goudie QC

The Scottish Government are consulting, until 7 March 2018, on a Draft Order, to commence on 1 April 2019, extending coverage of the Freedom of Information (Scotland) Act 2002 (“the Act”) to Registered Social Landlords, (“RSLs”) and their subsidiaries. The Act provides a statutory right of access to information held by Scottish public authorities. These range from the Scottish Parliament and Government to local authorities, NHS boards, higher and further education bodies, doctors and dental practitioners. The provisions of the Act can be extended to other bodies, including private bodies, that carry out functions of a public nature or which provide, under a contract with a Scottish public authority, a service which is a function of that authority. This can be done by making an Order under Section 5 of the Act, which designates those bodies as a Scottish public authority for the purposes of the legislation. They are then subject to the full requirements of the Act, as well as becoming automatically subject to the Environmental Information (Scotland) Regulations 2004. Read more »


11KBW Seminar Various Claimants v WM Morrison Ltd – Opening the Data Breach Floodgates?

December 6th, 2017 by Claire Halas

11KBW will be holding a seminar on the High Court judgment in the critically important group litigation case of Various Claimants v WM Morrison Ltd. This hugely important judgment is to be considered at a seminar to be held at 6.00pm at 11KBW on 16 January 2018 at the Turing Lecture Theatre, IET London Savoy Place, 2 Savoy Pl, London WC2R 0BL.

Issues to be discussed will include:

– the court’s approach to the application of the seventh data protection principle concerning data security

– the court’s conclusion that the DPA could be construed so as to enable an innocent employer/data controller to be fixed with common law vicarious liability for a breach of the DPA effected by a third party data controller;

– the court’s analysis of the relationship between the DPA and the common law

– the court’s conclusion that the rogue employee was ‘acting in the course of his employment’ when he criminally disclosed the payroll data, notwithstanding that this disclosure was effected whilst the employee was off work and for the specific purpose of damaging his employer

– whether the GDPR may call for a different approach

Speakers will include Timothy Pitt-Payne QC and Robin Hopkins   Read more »