Medical privacy

May 17th, 2017 by James Goudie QC

Do clinicians treating a patient with Huntington’s Disease have a duty to disclose the diagnosis to the patient’s daughters? Arguably so, says the Court of Appeal in ABC v St George’s Healthcare NHS Foundation Trust (2017) EWCA Civ 336.

Huntington’s Disease is inherited. The child of a parent with the disease has a 50 per cent chance of developing the condition.

In the ABC case the Claimant’s father was diagnosed with the condition.  He told his brother.  He did not inform the Claimant or either of her sisters. Read more »


EU looks to appoint expert group on the GDPR

May 12th, 2017 by Anya Proops QC

Just in case any readers are interested, the EU has announced that it is setting up a ‘multi-stakeholder expert group’ to assist the EU Commission in understanding the potential challenges posed by the application of the GDPR (see here). It is anticipated that the group will consist of academic, legal practitioners, as well as business and civil society representatives. If you or your clients are interested in applying for membership of the group, here’s the relevant link.

Anya Proops QC


Manni From Heaven: The Right to Forget Google Spain

May 11th, 2017 by Christopher Knight

In amongst the unsolicited love letters, the pictures of rudely shaped vegetables and simple abuse from those who believe a section 14 FOIA response is a deliberate conspiracy against them, the Panopticon postbag occasionally receives a polite enquiry about why we have not passed comment upon some fascinating information law development. Such a point might be made about Case C-398/15 Camera di Commercio v Manni (ECLI:EU:C:2017:197), in which the CJEU addressed, for only the second time, the ‘right to be forgotten’. Of course, in this case, we have analysed it at great length, but all well-known search engines have delisted it so thoroughly that everyone has forgotten where to find it. So here, like a vexatious requestor or a particularly unpleasant kebab, we are again. Read more »


Implementing the GDPR in the UK: lessons from Germany?

May 9th, 2017 by Robin Hopkins

As we all know, the GDPR is all about the harmonisation of data protection across Europe – hence its form as a regulation (directly effective) rather than a directive (domestic implementing legislation needed). Yes, but: the GDPR leaves an awful lot to member states to implement. For example: exemptions to data subjects’ rights, mechanisms for reconciling data protection and freedom of expression, and the machinery of enforcement by supervisory authorities. Until we have domestic implementing legislation, we can’t fully understand how data protection will work after 25 May 2018. Read more »


Legitimate Interests: the CJEU off its Trolley(bus)

May 8th, 2017 by Christopher Knight

Back in late January, some fellow whom posterity will not recall wrote a blog about the Opinion of AG Bobek in Case C-13/16 Rigas. This Opinion was notable chiefly because it said things which were obviously unlikely to have come from the European Court, things like using “common sense” to guide the interpretation and operation of Directive 95/46/EC. Some suspected it might be a fake. What, asked Panopticon, would the CJEU make of such free-wheeling mania? The wait is over. Read more »


Digital Economy Bill made law

May 3rd, 2017 by Anya Proops QC

What with all the kerfuffle over Brexit negotiations and the impending snap general election, you could perhaps be forgiven for failing to notice that the Government had rushed the Digital Economy Bill through Parliament in last week’s “wash up” before the dissolution of Parliament. The Bill in fact received Royal Assent last Thursday, 27 April. So why does the Digital Economy Act matter to privacy practitioners? Read more »