DPA breach at “lowest end of spectrum”: High Court awards £250

October 17th, 2022 by Robin Hopkins

Just about anyone who works in data protection will probably have asked, or have been asked: what do courts tend to award claimants who suffer data breaches? They will probably also be used to an answer along the lines that ‘it’s quite difficult to say; there isn’t very much case law’. Last week’s judgment of Knowles J in Driver v Crown Prosecution Service [2022] EWHC 2500 (KB) is a helpful contribution to this limited line of authority. Read more »

 

Lawful processing conditions and special category data in the CJEU

October 17th, 2022 by Robin Hopkins

With apologies for the delay, Panopticon now brings you highlights from a CJEU judgment from August 2022, that contributes to case law – albeit of a post-Brexit variety – on two GDPR issues. These are (i) the necessity and proportionality of the legislative basis for relying on Article 6(1)(e), and (ii) whether data can be ‘special category data’ by reason of an inference. Here are some key points from the Grand Chamber’s judgment in OT v Vyriausioji tarnybinės etikos komisija (Case C‑184/20). Read more »

 

TikTok: keep an eye on the clock

March 10th, 2022 by Robin Hopkins

Prior to the Supreme Court’s judgment in Lloyd v Google [2021] UKSC 50, numerous representative claims – akin to opt-in class actions – were afoot in the data protection arena. Most seem, understandably, to have fizzled out following Lloyd. But not all. Following this week’s judgment in SMO v TikTok Inc. and Others [2022] EWHC 489 (QB), the claim against TikTok has more or less scraped through its first procedural hurdle, and now is now gearing up for a summary judgment hearing in the months ahead. Read more »

 

FOIA and security bodies: running sections 23 and 24 together

October 18th, 2021 by Robin Hopkins

Some knotty FOIA debates end up generating confusing and apparently contradictory case law; some others get resolved by an authoritative three-person Upper Tribunal. The recent judgment of the UT (Mrs Justice Farbey and UT Judges Mullan and Wikeley) in FCDO v IC, Williams and Others [2021] UKUT 248 (AAC) is a neat example of the latter. It deals with the interplay between sections 23 and 24 of FOIA. Read more »

 

Important new High Court judgment on data breach litigation

July 30th, 2021 by Robin Hopkins

The High Court (Saini J) has today handed down judgment in Warren v DSG Retail Ltd [2021] EWHC 2168 (QB) (available here: Warren v DSG judgment). It is pithy and important stuff for data protection litigation, especially as regards accidental data breaches and the recoverability of ATE premiums. Read more »

 

Court of Appeal finds DPA exemption is unlawful under GDPR

May 26th, 2021 by Robin Hopkins

The Court of Appeal’s judgment in R (Open Rights Group and the3million) v Secretary of State for the Home Department and Others [2021] EWCA Civ 800, handed down this morning, concludes that the ‘immigration exemption’ in Schedule 2 to the DPA 2018 is not compliant with the GDPR. That is a very significant conclusion in its own right, from the perspectives of both immigration and data protection law. But the Court’s analysis also applies to a more general question: what does a valid (i.e. GDPR-compliant) exemption from data protection rights and duties look like? Read more »