A rare foray into the Criminal Division of the Court of Appeal for the Data Protection Act 1998 recently, as the Court considered the nature of the reverse burden imposed by the section 55 offence in Shepherd v Information Commissioner [2019] EWCA Crim 2. In short, Jay J held that section 55, properly construed, imposed only an evidential burden on a defendant rather than a legal burden. Continue reading
GDPR financial penalties: €50m for Google in France
Perhaps the most commonplace GDPR soundbite concerns swingeing financial penalties: in the most serious cases, up to €20m or 4% of global annual turnover, whichever is the greater. We have now had our first flexing of that maximal muscle, in the form of the decision of the French supervisory authority, the CNIL, to impose a €50m penalty on Google. The CNIL’s decision, announced yesterday, is summarised here. (The penalty notice itself is not yet available in English).
Notable features of the case include the following: Continue reading
Open Up: ICO Consultation on FOIA/EIR
News comes our way of a consultation exercise being run by the ICO on its new proposed ‘Access to Information Strategy’. You can read more about it here. Titled ‘Openness by Design’, it is a proposed strategy which will – in particular – aim to improve standards of openness, transparency and participation on the part of public authorities, including by increasing the impact of enforcement activity through targeting of systemic non-compliance. That is probably the most significant headline of the draft, but there are a number of aims to improve confidence in the openness and accountability of public authorities, by greater proactivity on the part of the ICO. Consultation responses are sought by 8 March 2019.
Christopher Knight
s35 FOIA Updates from the Upper Tribunal
A couple of recent Upper Tribunal cases have been handed down on the section 35(1) FOIA exemption for the formulation or development of government policy and for Ministerial communications. Both concern documents produced at the highest levels of Government. Both nudge the jurisprudence on a little bit, and both are worth being aware of for those concerned. Continue reading
It’s My Party and I’ll Cry/Sue for Accreditation if I Want To
How does data protection law feed into, and support, challenges to police action in the form of refusing press accreditation for a political party conference? The Divisional Court considered this in R (Segalov) v Chief Constable of Sussex Police & Chief Constable of Greater Manchester Police [2018] EWHC 3187 (Admin). Continue reading
Death and the DPA
Death may be the great leveller, but does it also bring to an end an appeal brought under section 28(4) of the Data Protection Act 1998 against a national security certificate issued by the Secretary of State? The answer of the Upper Tribunal in Campbell v Secretary of State for Northern Ireland [2018] UKUT 372 (AAC) was: Yes. Continue reading