Public lawyers, in particular, may have encountered government departments or others redacting the names of ‘junior officials’ on grounds of ‘relevance’ or ‘data protection’, when disclosing documents in litigation. Anecdotally, at least, that has been an increasing trend in recent years. The judgment of Swift J in FMA and Others v SSHD  EWHC 1579 (Admin) contains a very clear – and welcome – statement that this approach is not appropriate.
ICO Enforcement Notices and Monetary Penalty Notices (“MPNs”), and the resulting appeals to the FtT, are the bread and butter of information law litigation. Readers of Panopticon would be forgiven for thinking that issues such as the burden and standard of proof in such appeals would be uncontentious. But not so, according to the appellant in Doorstep Dispensaree Ltd v Information Commissioner  UKUT 132 (AAC).
As Panopticon’s readership will be well aware, last week’s judgment in Prismall v Google UK Ltd and Deep Mind Technologies Ltd  EWHC 1169 (KB) saw Mrs Justice Williams strike out the only live attempt in the UK at an opt-out class action for data misuse. In this post, I’ll summarise the Court’s key reasons. Continue reading
Personal data of a private and sensitive nature can, of course, end up being used in ways that are both distressing and tangled – in the sense that it is not altogether clear who (if anyone) to hold responsible, in law and in fact. The recent judgment of Chamberlain J in Ali v Chief Constable of Bedfordshire  EWHC 938 (KB) is a must-read case study for anyone needing guidance in navigating thickets of causation and quantum (spoiler: award of £3k for UK GDPR breaches; the same award would have arisen for misuse of private information and under Article 8 ECHR in these circumstances). Continue reading
As noted by Panopticon earlier today, the CJEU has been busy pronouncing on subject access request principles. The drift has, in general, been pro-data subject. In the UK, however, subject access case law has not necessarily been one-way pro-disclosure traffic, as is evident from the robust and careful judgment handed down this week by Mrs Justice Farbey in X v Transcription Agency and Master James. Continue reading
Dear Sir/Madam, I hereby make a subject access request, please give me copies of documents and specify everyone you gave my data to, yours sincerely.
Response: okay, you can have some data, but no documents and we only need to tell you about ‘categories’ of recipients, not specific recipients.
Reply: not good enough, Article 15 GDPR entitles me to more detail.
Who is right? The CJEU has had a busy few months shedding some light on these kinds of issues, thanks mainly to a slew of Austrian referrals, with its latest contribution coming last week. Continue reading