Suppose confidential, private and sensitive information is sold, leaked or otherwise wrongly disclosed by a rogue employee: is the employer vicariously liable? This question is a troubling one for many an employer and data controller. A new judgment on a claim for misuse of private information sheds some light on this question – and will not be comforting for employers and data controllers. The case is Axon v Ministry of Defence [2016] EWHC 787 (QB).

The Claimant was the commanding officer of a Royal Navy frigate when, in December 2004, he was summoned to London and relieved of his command following an investigation into his alleged bullying of officers on his ship. In that same month, the Sun published articles about the incident (‘Mutiny Skipper Sacked’ and so on). Continue reading →

Gurieva & Anor v Community Safety Development (UK) Ltd [2016] EWHC 643 (QB), a judgment of Warby J of 6 April 2016, is the High Court’s latest word on subject access requests. It illustrates some of the emerging trends in subject access litigation. It is also a salutary reminder to ensure that, for subject access request cases as for any other, adequate evidence is presented. Continue reading →

The Royal Family has been the subject of a good deal of information rights litigation. The most famous is of course the Evans saga, about the ‘advocacy correspondence’ of Prince Charles. There have also been cases about (to name just a few subjects) the cost of police protection for the Royal Family, whether or not the Duchy of Lancaster is a public authority, royal wills and alleged heirs to the throne, as well as – most recently – whether the Duke or Duchy of Cornwall is a public authority for the purposes of the Environmental Information Regulations (EIRs). The most recent judgment focuses on Her Majesty the Queen herself, and reveals the views of Charles (J). Continue reading →

The Duchy of Cornwall was established by Edward III in 1337 for his son. There is a landed estate (the Duchy) and a title (the Duke). Edward III was no doubt unconcerned about any legal duties that may attach to the Duchy; he had bigger fish to fry. In the 21^st century, however, at least one knotty question of legal duty has surfaced. Continue reading →

If you made a successful ‘right to be forgotten’ request to Google in the UK, the outcome would be that the URL you complained of would no longer appear in search results through the google.co.uk search engine. However, by simply using the .com version of the browser instead, that outcome would be neatly sidestepped: the offending URL would appear in the search list against your name, unaffected by your exercise of your right to be forgotten.

Google has announced today that, as requested by the ICO among others, it will change that practice and introduce consistency across the versions of its browser. Continue reading →

If you take the view that a reader’s comments about you posted on a news website infringe your privacy or data protection rights, should you be able to sue the website (as opposed to the author of the comments)? This question is enormously important. It reflects our evolving legal, social and ethical approach to resolving tensions between freedom of expression and privacy. It goes to the heart of both online journalism and internet business models. A new judgment given today makes an important contribution to this debate – and will be seen as heartening for advocates of free expression in an online world. Continue reading →