Have You Found Jesus? The CJEU Has

August 3rd, 2018 by Christopher Knight

When opening the door to the Jehovah’s Witnesses it is probably uncommon for householders – even for the erudite and very pretty readers of this blog – to respond that although they have not found Jesus, they have found a copy of the register of data controllers, on which the Witnesses do not seem to appear. Read more »


Data Protection in the CJEU: Developments

August 2nd, 2018 by Christopher Knight

Three updates for data protection watchers about cases with a wide-ranging potential impact in the Luxembourg courts. Read more »


Mixed Data in the Court of Appeal

July 2nd, 2018 by Rupert Paines

Hot off (Thursday’s) press comes the CA judgment in DB v GMC [2018] EWCA Civ 1497, which will now be the leading case on the treatment of mixed personal data.

Read more »


TLT in the Court of Appeal

June 18th, 2018 by Anya Proops QC

The judgment of Mitting J in the case of TLT is now routinely invoked in the context of discussions over how you go about quantifying the value of a distress damages claim where there has been a data breach. In TLT, the Home Office had accidentally disclosed online a spreadsheet containing data relating to asylum seekers and their families. As you may recall, Mitting J awarded TLT compensation of £12,500 on the basis that he had suffered distress as a result of the disclosure akin to a moderate psychiatric injury. This award was made in circumstances where the judge had concluded that the disclosure had resulted in TLT having a rational fear that he would be targeted by the Iranian authorities, to the point where he had felt compelled to relocate his entire family. The judge also held that, whilst they were not named in the spreadsheet, TLT’s wife and daughter (TLU and TLV) were also entitled to distress damages as their identity and the fact that they were seeking asylum could readily be inferred from the disclosed data. Read more »


The ‘Facebook Fan Page’ judgment: joint data controllers, cookies and targeted advertising

June 5th, 2018 by Robin Hopkins

How do I know if I am a data controller? In particular, how do data controller responsibilities work when it comes to cookies operating on my website (especially for targeted advertising purposes)? The GDPR has not invented these questions, but it has injected them with urgency and sharpness. The CJEU’s judgment in the ‘Facebook Fan Page’ case, handed down this morning, is a very significant contribution on increasingly important issues of this kind. Read more »


Media privacy cases – No monopoly for the Media & Communications List

June 5th, 2018 by Anya Proops QC

As many of you will know, last year the High Court established a new ‘Media & Communications List’ (MCL), presided over by Mr Justice Warby (see the relevant announcement here). The idea behind the establishment of the MCL was that media-related tort cases brought in the Queen’s Bench Division (QBD), including cases for misuse of private information and breach of the data protection legislation, would be allocated to the MCL. But does the establishment of the MCL mean that claimants who want to sue the media are compelled to bring their claims before the MCL in the QBD? Well according to the recent judgment of Chief Master Marsh in the case of Mevinsky & Ors v Associated News [2018] EWHC 1261 (Ch) the answer to that question is a resounding no. Read more »