Death and the DPA

January 10th, 2019 by Christopher Knight

Death may be the great leveller, but does it also bring to an end an appeal brought under section 28(4) of the Data Protection Act 1998 against a national security certificate issued by the Secretary of State? The answer of the Upper Tribunal in Campbell v Secretary of State for Northern Ireland [2018] UKUT 372 (AAC) was: Yes. Read more »


Are you thinking what I’m linking? Liability for hyperlinks

December 20th, 2018 by leodavidson

Many users of the internet know all too well the hidden dangers of hyperlinks.  Now the European Court of Human Rights has considered the extent to which those posting links are responsible for the third party content being linked to, in Magyar Jeti Zrt v Hungary (Case no. 11257/16).

In 2013, a Hungarian politician drew a link between racist assaults by football fans and Jobbik, a right-wing Hungarian political party.  A recording of his remarks was uploaded to YouTube.  When reporting the story, – a news website operated by the applicant company – included a hyperlink to the recording, without repeating the defamatory content in the body of their article. Read more »


Brexit and Data Protection: Update

November 15th, 2018 by Christopher Knight

Panopticon has generally avoided venturing too far into Brexit-related updates: there has invariably been very little by way of actual facts to comment on (not that that has stopped people). But 14 November 2018 does mark something of a landmark, even if by the time you read this it may well all have collapsed like a particularly badly made soufflé. By the time you watch the repeat on Dave it may look like a legal history article. Here goes nothing… Read more »


Vicarious liability for data breaches: Court of Appeal dismisses Morrisons’ challenge

October 22nd, 2018 by Robin Hopkins

Large-scale civil litigation is one of the developing contours of data protection law. Last week’s judgment in Lloyd v Google – a novel representative action based on allegedly unlawful processing activities – is one illustration. When it comes to group litigation on the back of a data breach, our best illustration thus far is the groundbreaking group action against Morrisons. Read more »


Inconsequential data protection breaches: High Court blocks big-money action against Google

October 8th, 2018 by Robin Hopkins

Popular impressions of data protection range from the tedious (“the GDPR forces me to get consent for everything”) to the apocalyptic (“if you breach the GDPR, you will automatically get multi-million pound fine”, etc.). A common apocalyptic theme is that contraventions affecting large numbers of individuals may well trigger financially ruinous group litigation. They might. But this morning’s judgment of Warby J in Lloyd v Google [2018] EWHC 2599 (QB) is an important corrective to apocalyptic thinking. Read more »


The Court of Human Rights Remembers the Right to be Forgotten

August 24th, 2018 by Christopher Knight

Everyone is weighing in on the right to be forgotten these days and now, not to miss a turn on the rights bandwagon when its Luxembourg rival has got in ahead of it, the European Court of Human Rights has had a go too in ML & WW v Germany (App. No. 60798/10 and 65599/10) (judgment of 28 June 2018). Read more »