Police use of automated facial recognition: a justified privacy intrusion

September 4th, 2019 by Robin Hopkins

The opening sentence of today’s judgment in R (Bridges) v Chief Constable of South Wales Police and Others [2019] EWHC 2341 (Admin) is right up Panopticon’s alley: “The algorithms of the law must keep pace with new and emerging technologies”. In precisely that spirit, the Divisional Court’s (Haddon-Cave LJ and Swift J) dismissal of the challenge to South Wales Police’s use of Automated Facial Recognition technology (“AFR”) contains very significant lessons in how to apply privacy and data protection law to beneficial but intrusive technology. Read more »


A New Home for Data Protection

August 9th, 2019 by Christopher Knight

All data protection claims issued after 1 October 2019 will now have to be issued in the new, formal, Media and Communications List of the High Court. On that date, a new Part 53 of the CPR will take effect – set out in the Schedule to the Civil Procedure (Amendment No. 3) Rules 2019 – along with two new Practice Directions. Read more »


Norwich Pharmacal orders, the GDPR – and porn

July 18th, 2019 by Robin Hopkins

The GDPR has had its first brush (to my knowledge at least) with the pornography industry in the Courts of England and Wales. In Mircom International and Golden Eye International v Virgin Media and Persons Unknown [2019] EWHC 1827 (Ch), a judgment of 16 July, the High Court declined to order Virgin Media to hand over the IP addresses of persons who had allegedly downloaded and shared porn films in breach of copyright. It was not, however, the GDPR that saved those naughty “persons unknown”. If I can be explicit about it, the Court’s GDPR analysis was highly problematic. Read more »


Schrems 2: CJEU opinion on international transfers due in December

July 11th, 2019 by Robin Hopkins

We’re over a year into the GDPR era, and uncertainty persists on (among other things) mechanisms for the lawful transfer of personal data to non-EU countries whose data protection standards have not been certified as adequate. The US is of course the most notable country on that list – and Max Schrems is the most energetic opponent of transatlantic data transfers. Read more »


The Facebook Appeal and Procedural Grounds

July 10th, 2019 by Christopher Knight

What sort of grounds of challenge can be run on an appeal against a monetary penalty notice issued by the Information Commissioner? Where the Tribunal has a full merits jurisdiction, is there scope for grounds of challenge relating to the process by which the MPN was reached? Read more »


Jurisdiction, the GDPR and Brussels I

June 27th, 2019 by Christopher Knight

How is jurisdiction determined in a claim for breach of the GDPR? We know the rule in Article 79(2) GPDR. But how does that interplay with the ordinary private international law rules of jurisdiction, set out in Brussels I Recast Regulation: Regulation (EU) 1215/2012? What about where the controller seeks to rely on a jurisdiction agreement, which under Article 25 of the Brussels I Recast Regulation, would take priority? Read more »