WordPress + Bootstrap

In case it slipped your notice in the run up to Christmas, you may like to note that on 19 December 2017, the ICO issued an enforcement notice to the Ministry of Justice in respect of its systemic failure to comply with its subject access obligations – see here. As the notice makes clear, as at 28 July 2017, MOJ had a backlog of some 919 subject access requests, some of which dated back to 2012! According to paragraph 6 of the Notice, by November 2017, there were still 793 cases over 40 days old. Of those, some 141 were received in 2015 and 357 were received in 2016. MOJ had apparently put in place a recovery plan aimed at eliminating the backlog by October 2018 but the ICO plainly thought that enforcement action was required in any event. Accordingly, it issued a notice in effect requiring (a) all of the requests referred to in paragraph 6 to be dealt with by 31 October 2018 and (b) MOJ’s internal systems to be adapted to make them fit for purpose by 31 January 2018. Continue reading →

Few readers of this blog will be unaware of the CJEU’s seminal judgment in the case of Schrems v Facebook Case C-362/14, where the Court struck down the EU Commission’s decision that the US’ safe harbour regime was adequate for data protection purposes. However, of course that was not the end of Mr Schrems’ mission to hold Facebook to account for transferring personal data obtained from within the EU into the US. Following the judgment, he went on to bring civil claims against Facebook in the Austrian courts for breaching his data protection obligations, including a claim for injunctive relief and a claim for damages (Mr Schrems is himself domiciled in Austria). More than this, he sought to act as a lightening-rod for claims brought by other individuals domiciled in foreign jurisdictions, including Germany and India. The claimants concerned assigned their claims against Facebook to Mr Schrems with a view to his leading the litigation charge against Facebook. Continue reading →

The Times’ Lawyer of the Week this morning discusses an Upper Tribunal FOIA appeal brought by Rights Watch UK (for whom Daniel Carey, the Lawyer of the Week, acted pro bono), seeking disclosure of the Attorney General’s advice on drone strikes in Syria. The case was Corderoy & Ahmed v IC, AGO, Cabinet Office [2017] UKUT 495 (AAC). Whether you consider it a win, a loss or a draw (and if so for whom) will depend on which side you’re on here and, as counsel on all sides were colleagues at 11KBW, I will attempt a studied neutrality. I confess I have not found all aspects of the judgment easy to follow, but here you go. Continue reading →

Readers of this blog will recall an important DPA judgment, particularly on the legal professional privilege exemption, which came out in January 2017 called Holyoake v Candy & CPC [2017] EWHC 52 (QB) (see the blogpost here). That case has, however, involved various pieces of satellite litigation including a 193 page judgment of Nugee J handed down just before Christmas in Holyoake & Hotblack v Candy & Candy & others [2017] EWHC 3397 (Ch). Continue reading →

Just in time to be printed and put in your stocking came everyone’s favourite Christmas tradition: a special helping of Brussels. In this case, a judgment of the CJEU in Case C-434/16 Nowak v Data Protection Commissioner (ECLI:EU:C:2017:994) about the application of the Data Protection Directive to examination scripts and examiner comments. Continue reading →