With Panopticon having been prorogued for much of the summer, we didn’t get round to a timely blog post on the CJEU’s judgment from the end of July in Fashion ID GmbH & Co. KG v Verbraucherzentrale NRW eV (Case C-40/17). In case you were likewise lounging around Rees-Mogg style and failed to keep up with data protection judgments, here is a brief summary to help you disguise that from your boss or clients. Continue reading
Police use of automated facial recognition: a justified privacy intrusion
The opening sentence of today’s judgment in R (Bridges) v Chief Constable of South Wales Police and Others [2019] EWHC 2341 (Admin) is right up Panopticon’s alley: “The algorithms of the law must keep pace with new and emerging technologies”. In precisely that spirit, the Divisional Court’s (Haddon-Cave LJ and Swift J) dismissal of the challenge to South Wales Police’s use of Automated Facial Recognition technology (“AFR”) contains very significant lessons in how to apply privacy and data protection law to beneficial but intrusive technology. Continue reading
A New Home for Data Protection
All data protection claims issued after 1 October 2019 will now have to be issued in the new, formal, Media and Communications List of the High Court. On that date, a new Part 53 of the CPR will take effect – set out in the Schedule to the Civil Procedure (Amendment No. 3) Rules 2019 – along with two new Practice Directions. Continue reading
Norwich Pharmacal orders, the GDPR – and porn
The GDPR has had its first brush (to my knowledge at least) with the pornography industry in the Courts of England and Wales. In Mircom International and Golden Eye International v Virgin Media and Persons Unknown [2019] EWHC 1827 (Ch), a judgment of 16 July, the High Court declined to order Virgin Media to hand over the IP addresses of persons who had allegedly downloaded and shared porn films in breach of copyright. It was not, however, the GDPR that saved those naughty “persons unknown”. If I can be explicit about it, the Court’s GDPR analysis was highly problematic. Continue reading
Schrems 2: CJEU opinion on international transfers due in December
We’re over a year into the GDPR era, and uncertainty persists on (among other things) mechanisms for the lawful transfer of personal data to non-EU countries whose data protection standards have not been certified as adequate. The US is of course the most notable country on that list – and Max Schrems is the most energetic opponent of transatlantic data transfers. Continue reading
The Facebook Appeal and Procedural Grounds
What sort of grounds of challenge can be run on an appeal against a monetary penalty notice issued by the Information Commissioner? Where the Tribunal has a full merits jurisdiction, is there scope for grounds of challenge relating to the process by which the MPN was reached? Continue reading