Hiscox cleared of offences under s. 56 DPA 1998

It appears from recent media reports that a prosecution brought by the ICO against Hiscox under s. 56 DPA 1998 collapsed last week after the ICO’s key prosecution witness fell ill – see the FT’s coverage here and the report in Insurance Age here. The prosecution was apparently brought under s. 56(2) DPA, which makes it an offence for goods or service providers to make the provision of goods or services conditional upon the supply of convictions/cautions data. The background to the case is that it was alleged that Hiscox had required one of its policy holders, Mr Irfan Hussain, to supply convictions data about himself in the context of a claim made by Mr Hussain under his insurance policy over the loss of a £30,000 Swiss watch.

Data protection in the Court of Appeal & the right to be forgotten

For all those of you who are currently wading through the quagmire of GDPR compliance and are pining for some diverting news, you might like to note that the Court of Appeal will be hearing a number of important data protection appeals over the course of this year. They include appeals in the following cases:

  • DB v General Medical Council (application of mixed data provisions in s. 7 DPA) – due to be heard in March 2018,
  • TLT v Home Office (accidental online disclosure of information relating to asylum seekers) – due to be heard in April 2018 – (note, the appeal does not address the quantum of the awards made in that case but instead focuses on the question of whether compensation ought in principle to have been awarded to individuals who were not referred to by name in the disclosed spreadsheet but who were nonetheless affected by the disclosure);
  • Stunt v Associated Newspapers (challenge to the stay mechanism under s. 32 DPA) – due to be heard in June 2018 and, last but most certainly not least,
  • Various Claimants v WM Morrison Supermarket PLC (group litigation data breach case) – due to be heard by the Court of Appeal before the end of 2018.


Subject access – enforcement notice issued to MOJ

In case it slipped your notice in the run-up to Christmas, you may like to note that on 19 December 2017, the ICO issued an enforcement notice to the Ministry of Justice in respect of its systemic failure to comply with its subject access obligations – see here. As the notice makes clear, as at 28 July 2017, MOJ had a backlog of some 919 subject access requests, some of which dated back to 2012! According to paragraph 6 of the Notice, by November 2017, there were still 793 cases over 40 days old. Of those, some 141 were received in 2015 and 357 were received in 2016. MOJ had apparently put in place a recovery plan aimed at eliminating the backlog by October 2018 but the ICO plainly thought that enforcement action was required in any event. Accordingly, it issued a notice in effect requiring (a) all of the requests referred to in paragraph 6 to be dealt with by 31 October 2018 and (b) MOJ’s internal systems to be adapted to make them fit for purpose by 31 January 2018.

Group litigation and territorial jurisdiction – Schrems v Facebook round 2

Few readers of this blog will be unaware of the CJEU’s seminal judgment in the case of Schrems v Facebook Case C-362/14, where the Court struck down the EU Commission’s decision that the US’ safe harbour regime was adequate for data protection purposes. However, of course that was not the end of Mr Schrems’ mission to hold Facebook to account for transferring personal data obtained from within the EU into the US. Following the judgment, he went on to bring civil claims against Facebook in the Austrian courts for breaching his data protection obligations, including a claim for injunctive relief and a claim for damages (Mr Schrems is himself domiciled in Austria). More than this, he sought to act as a lightning rod for claims brought by other individuals domiciled in foreign jurisdictions, including Germany and India. The claimants concerned assigned their claims against Facebook to Mr Schrems with a view to his leading the litigation charge against Facebook.

11KBW Annual Information Law Conference 2018

Our 2018 Information law conference will be bigger and better than ever, with specialist barristers from 11KBW – the leading chambers for all aspects of Information Law – providing updates on the law and practicalities relating to data protection, privacy and freedom of information. Topics covered include:

• GDPR – the future on our doorsteps
• overview of the Data Protection Bill and proposed amendments
• data breaches – group litigation, penalties and life under the GDPR
• subject access – recent developments and the approach under the GDPR
• general privacy update – including e-privacy; e-commerce and privacy shield
• privacy and the media – recent developments and life under the GDPR
• FOIA update

Click here for the conference agenda.

What the delegates say:
“Always excellent – extremely informative and practically useful with superb speakers”
“Very good – If I could only attend one conference, it would be this one”
“Essential, well organised and informative”