UKIP, the ICO and Information Notices

February 21st, 2019 by Robin Hopkins

Information notices have so rarely surfaced in information rights litigation that I can almost hear a number of Panopticon readers saying ‘what is an information notice again?’. Fair question. Read more »


YouTube videos and data protection liabilities

February 21st, 2019 by Robin Hopkins

To what extent is an individual potentially on the hook, in terms of data protection liabilities, for material they post on their personal social media accounts, such as video clips on YouTube? The CJEU’s ruling in Sergejs Buivids (Case C–345/17) is the most recent addition to the line of authorities about the intersection between personal use of online networks, potential journalistic purposes and data protection duties. Read more »


Law Enforcement Processing and the Scope of EU Law: Easy-Peasy Right?

February 18th, 2019 by Christopher Knight

If you think you understand how the DPA 2018 has implemented EU law in the shape of the GDPR (Part 1) and the Law Enforcement Directive (“LED”) (Part 3), and that is that, you may want to think again. What the DPA does not just depend on the language and the Part, but may also require consideration of the scope of EU law. R (El Gizouli) v Secretary of State for the Home Department [2019] EWHC 60 (Admin) is such a case. Indeed, it is the first decided case of significance to consider the DPA 2018 at all. Read more »


The Court of Appeal Rolls out the DP Barrel

February 18th, 2019 by Christopher Knight

Sometimes a case comes along which, whether through range of issues or over-enthusiastic pleading, seems to touch on more or less every data protection provision going. To this end, at least for the DPA 1998, we give you the lengthy treatise of Sales LJ that is: Cooper v National Crime Agency [2019] EWCA Civ 16. Read more »



February 7th, 2019 by James Goudie QC

Two recent decisions of the FTT on confidential information are of interest, one under FoIA, the other under the EIR, with a local authority being the public authority in both cases.

The FoIA case is Driver v Information Commissioner and Thanet District Council, EA/2017/0218.  It concerned the absolute Section 41 exemption from disclosure: information provided in confidence to the public authority by a third party.  The FTT held that the exemption did not apply because the information was not obtained by  the Council from another person. The information was the names of parties who had been paid compensation by the Council.  This was pursuant to settlements concluded between the Council and businesses involved in the export of live animals from the Port at Ramsgate.  The Council had imposed a ban. The High Court found that the ban was unlawful and that the Council was liable in damages. Read more »


Bearing a Burden: Prosecuting under the DPA

January 25th, 2019 by Christopher Knight

A rare foray into the Criminal Division of the Court of Appeal for the Data Protection Act 1998 recently, as the Court considered the nature of the reverse burden imposed by the section 55 offence in Shepherd v Information Commissioner [2019] EWCA Crim 2. In short, Jay J held that section 55, properly construed, imposed only an evidential burden on a defendant rather than a legal burden. Read more »