September: Panopticon is scraping itself off furlough and bounding back to school. Here are two information rights from August that are worth noting, both anchored in ECHR rights.

First, readers will recall the high-profile case of R (Bridges) v Chief Constable of South Wales Police and Others. Bridges concerned a challenge on (among others) Article 8 ECHR and DP grounds to the police force’s use of automated facial recognition (AFR) as part of a pilot project aimed at spotting the faces of suspects on wanted lists among the crowds. Continue reading →

In yesterday’s post outlining the Schrems II judgment, I said international data transfers were now in a fine mess. As I re-read the CJEU’s judgment, it occurs to me that my assessment was wrong. It is not a fine mess. It is an awful, almighty mess, it seems to me. Continue reading →

Well this is a fine mess. Austrian privacy campaigner Max Schrems has struck again: transfers of personal data from the EU to the US are suddenly vulnerable again, thanks to today’s CJEU judgment in Data Protection Commissioner v Facebook Ireland and Max Schrems (Case C-311/18; 16 July 2020) – the so-called Schrems II judgment. The judgment (see here: Schrems II Judgment) is complex and multi-faceted, but I’ll aim for a nutshell summary just now. Continue reading →

The Court of Appeal has today given judgment in the long-running ZXC v Bloomberg litigation ([2020] EWCA Civ 611). The key points:

1. In general, a person does have a reasonable expectation of privacy about the fact that/details of their being subject to a police investigation, up to the point of charge.
2. Reporting about alleged conduct is different from reporting about a criminal investigation into that conduct.

Continue reading →

Regulation 22 of PECR 2003 – the prohibition on non-consensual electronic direct marketing communications – has been a favourite ICO hunting ground for monetary penalties for many years. Nevertheless, its dos and don’ts have remained stubbornly fuzzy at the edges. Thankfully, the Tribunal’s most recent decision on direct marketing communications is helpful and illuminating. It’s also quite entertaining: a nice montage of Arron Banks, spam, kangaroos and stuff. Continue reading →

Ms Mustard was injured in a road traffic accident, for which she claims compensation. She was examined by medical experts appointed by the insurer. She covertly recorded two of those consultations deliberately, and a third accidentally. She wants to deploy those recordings as evidence in support of her claim. The insurer objected, arguing that the recordings constituted unlawful processing contrary to the GDPR and the DPA 2018. Continue reading →