Panopticon has covered a number of judgments handed down in the UK over the last year or two that demonstrate judicial scepticism about compensation claims for alleged data protection infringements. In a number of cases (though not all), judges have been particularly sceptical whether, on the facts before them, the claim – even if made out – would pass the threshold of seriousness for entitlement to compensation. Some, however, argue that compensation claims under the GDPR/UK GDPR are not subject to any such threshold. So what’s the answer? Continue reading →

The right to be forgotten – remember that? It isn’t often the subject of litigation, in the UK at least: uncertainty about outcomes is probably a significant reason why parties usually opt not to put their disputes before the courts. Last week’s judgment of the Grand Chamber of the CJEU in TU and RE v Google LLC (Case C‑460/20) won’t remove uncertainty about judicial approaches to such cases, but it does shed helpful light on some common elements of disputes under Article 17 (UK) GDPR. Continue reading →

Just about anyone who works in data protection will probably have asked, or have been asked: what do courts tend to award claimants who suffer data breaches? They will probably also be used to an answer along the lines that ‘it’s quite difficult to say; there isn’t very much case law’. Last week’s judgment of Knowles J in Driver v Crown Prosecution Service [2022] EWHC 2500 (KB) is a helpful contribution to this limited line of authority. Continue reading →

With apologies for the delay, Panopticon now brings you highlights from a CJEU judgment from August 2022, that contributes to case law – albeit of a post-Brexit variety – on two GDPR issues. These are (i) the necessity and proportionality of the legislative basis for relying on Article 6(1)(e), and (ii) whether data can be ‘special category data’ by reason of an inference. Here are some key points from the Grand Chamber’s judgment in OT v Vyriausioji tarnybinės etikos komisija (Case C‑184/20). Continue reading →

Prior to the Supreme Court’s judgment in Lloyd v Google [2021] UKSC 50, numerous representative claims – akin to opt-in class actions – were afoot in the data protection arena. Most seem, understandably, to have fizzled out following Lloyd. But not all. Following this week’s judgment in SMO v TikTok Inc. and Others [2022] EWHC 489 (QB), the claim against TikTok has more or less scraped through its first procedural hurdle, and now is now gearing up for a summary judgment hearing in the months ahead. Continue reading →

Some knotty FOIA debates end up generating confusing and apparently contradictory case law; some others get resolved by an authoritative three-person Upper Tribunal. The recent judgment of the UT (Mrs Justice Farbey and UT Judges Mullan and Wikeley) in FCDO v IC, Williams and Others [2021] UKUT 248 (AAC) is a neat example of the latter. It deals with the interplay between sections 23 and 24 of FOIA. Continue reading →