ICO fine for British Airways lands at £20m

October 19th, 2020 by Marcus Pilgerstorfer QC

Ever since the Information Commissioner issued British Airways with a notice proposing to impose a massive fine of £183.39m for a data breach incident in 2018, we have all be waiting with bated breath to see how that process would conclude. A fine at that level would have been the largest ever issued by a data protection regulator in Europe, and would have dwarfed the eye-watering €50m proposed by the French data protection authority CNIL in respect of Google’s advertisement personalisation practices, affecting millions of French citizens. The prospect of BA, a corporate victim of a criminal cyber-attack affecting around 400,000 people’s (mostly payment-card) data, being subject to fine in excess of 4x as large certainly grabbed the headlines. Read more »


Moss: Article 10 ECHR is irrelevant to FOIA

September 3rd, 2020 by Robin Hopkins

The free expression right conferred by Article 10 ECHR encompasses a right “to receive and impart information and ideas without interference by public authority”. Does this create a right to request information from a public authority, such that a refusal to disclose would constitute an interference with Article 10? Read more »


Key points from the Bridges facial recognition appeal

September 3rd, 2020 by Robin Hopkins

September: Panopticon is scraping itself off furlough and bounding back to school. Here are two information rights from August that are worth noting, both anchored in ECHR rights.

First, readers will recall the high-profile case of R (Bridges) v Chief Constable of South Wales Police and Others. Bridges concerned a challenge on (among others) Article 8 ECHR and DP grounds to the police force’s use of automated facial recognition (AFR) as part of a pilot project aimed at spotting the faces of suspects on wanted lists among the crowds. Read more »


My Data Went to the Caribbean. Jamaica? No, It Went of its Own Accord

August 11th, 2020 by Christopher Knight

You have to admire the ingenuity of lawyers. Who would have thought that the GDPR could be a tool to try and force the Home Office to allow a deported overstayer with a lengthy criminal record back into the UK to conduct an in-person appeal? Not the Court of Appeal for a start in Johnson v Secretary of State for the Home Department [2020] EWCA Civ 1032. Read more »


Newman v Southampton CC: child, mother, journalist – whose rights win out?

August 7th, 2020 by Michael White

The High Court handed down judgment on Friday in Newman v Southampton City Council & Ors [2020] EWHC 2103 (Fam), the first recorded judgment concerning journalistic access to the court file in public law family proceedings. The case is likely to be of interest to media lawyers generally, and throws up potential complications surrounding the scope and extent of the privacy rights of children vis-à-vis their parents. Read more »


Section 166 DPA Appeals Again

August 7th, 2020 by Christopher Knight

We previously noted on this blog the decision in Leighton v Information Commissioner (No.2) [2020] UKUT 23 (AAC), emphasising the limited procedural scope of the right to apply to the Tribunal under section 166 DPA 2018. As that was strictly a permission decision, it is worth updating readers that Judge Wikeley repeated has repeated his analysis in a substantive appeal decision in Scranage v Information Commissioner [2020] UKUT 196 (AAC): see particularly at [6], which notes and corrects the “widespread misunderstanding about the reach of section 166”. The appeal itself concerned the time limit provisions, in now historic form, and need not trouble readers unduly. But Judge Wikeley did return to the jurisdiction at the end of his judgment, querying whether the section 166 jurisdiction was working as intended, given the disproportionate resources they enveloped, along with a concern about the lack of coherence between such procedural matters being raised before the FTT and substantive issues having to be raised in the ordinary courts. Whether anyone takes up that baton remains to be seen. We fear it is not top of the legislative to-do list.

Christopher Knight