The ‘Facebook Fan Page’ judgment: joint data controllers, cookies and targeted advertising

June 5th, 2018 by Robin Hopkins

How do I know if I am a data controller? In particular, how do data controller responsibilities work when it comes to cookies operating on my website (especially for targeted advertising purposes)? The GDPR has not invented these questions, but it has injected them with urgency and sharpness. The CJEU’s judgment in the ‘Facebook Fan Page’ case, handed down this morning, is a very significant contribution on increasingly important issues of this kind. Read more »


Media privacy cases – No monopoly for the Media & Communications List

June 5th, 2018 by Anya Proops QC

As many of you will know, last year the High Court established a new ‘Media & Communications List’ (MCL), presided over by Mr Justice Warby (see the relevant announcement here). The idea behind the establishment of the MCL was that media-related tort cases brought in the Queen’s Bench Division (QBD), including cases for misuse of private information and breach of the data protection legislation, would be allocated to the MCL. But does the establishment of the MCL mean that claimants who want to sue the media are compelled to bring their claims before the MCL in the QBD? Well according to the recent judgment of Chief Master Marsh in the case of Mevinsky & Ors v Associated News [2018] EWHC 1261 (Ch) the answer to that question is a resounding no. Read more »


The DPA 2018 has landed (finally!)

May 23rd, 2018 by Anya Proops QC

You can find it here: … all 339 pages. Happy reading all.

Anya Proops QC


Morrisons group action: claimants win, but get only 40% of their costs

May 16th, 2018 by Robin Hopkins

Needless to say, group actions for data protection breaches will generally be shaped by financial considerations. Those are partly about compensation, but also about costs. To make it worthwhile, claimants need not only to win and be awarded compensation, but also to get their costs covered, or at least not have their costs eat too far into their compensation. On this issue, today’s costs judgment in the Morrisons litigation is novel, interesting and instructive in practice. Read more »


The Data Protection Act 2018: nearly there

May 3rd, 2018 by Robin Hopkins

My post below from earlier this week contained some head-scratching about timings for GDPR implementation. When will our Data Protection Bill make further progress through Parliament, I asked? We now have an answer: the Bill will have its report and third reading stages on 9 May. We’ll miss the deadline for implementing the Law Enforcement Directive (6 May), but never mind. The proposed amendments up for debate next week are here.


GDPR implementation: minor changes and big questions

May 1st, 2018 by Robin Hopkins

With the GDPR taking effect later this month, the Council of the EU has done its last round of proof-reading and made some changes to the final GDPR text. Most of those will be inconsequential for the majority of controllers and processors. Meanwhile, on this side of the Channel, a much bigger question remains unanswered: when exactly will we get our Data Protection Act 2018? Read more »