Panopticon likes data protection, and it likes to keep its eye on things. Here are three key developments in the evolution of data protection law which, in Panopticon’s eyes, are particularly worth watching.
The right to be forgotten: battle lines drawn
First, the major data protection development of 2014 was the CJEU’s ‘right to be forgotten’ judgment in the Google Spain case. Late last year, we received detailed guidance from the EU’s authoritative Article 29 Working Party on how that judgment should be implemented: see here.
In the view of many commentators, the Google Spain judgment was imbalanced. It gave privacy rights (in their data protection guise) undue dominance over other rights, such as rights to freedom of expression. It was clear, however, that not all requests to be ‘forgotten’ would be complied with (as envisaged by the IC, Chris Graham, in an interview last summer) and that complaints would ensue.
Step up Max Moseley. The BBC reported yesterday that he has commenced High Court litigation against Google. He wants certain infamous photographs from his past to be made entirely unavailable through Google. Google says it will remove specified URLs, but won’t act so as to ensure that those photographs are entirely unobtainable through Google. According to the BBC article, this is principally because Mr Moseley no longer has a reasonable expectation of privacy with respect to those photographs.
The case has the potential to be a very interesting test of the boundaries of privacy rights under the DPA in a post-Google Spain world.
Damages under the DPA
Second, staying with Google, the Court of Appeal will continue its consideration of the appeal in Vidal-Hall and Others v Google Inc [2014] EWHC 13 (QB) in February. The case is about objections against personal data gathered through Apple’s Safari browser. Among the important issues raised by this case is whether, in order to be awarded compensation for a DPA breach, one has to establish financial loss (as has commonly been assumed). If the answer is no, this could potentially lead to a surge in DPA litigation.
The General Data Protection Regulation: where are we?
I did a blog post last January with this title. A year on, the answer still seems to be that we are some way off agreement on what the new data protection law will be.
The latest text of the draft Regulation is available here – with thanks to Chris Pounder at Amberhawk. As Chris notes in this blog post, the remaining disagreements about the final text are legion.
Also, Jan Philipp Albrecht, the vice-chairman of the Parliament’s civil liberties committee, has reportedly suggested that the process of reaching agreement may even drag on into 2016.
Perhaps I will do another blog post in January 2016 asking the same ‘where are we?’ question.
Robin Hopkins @hopkinsrobin