Public lawyers, in particular, may have encountered government departments or others redacting the names of ‘junior officials’ on grounds of ‘relevance’ or ‘data protection’, when disclosing documents in litigation. Anecdotally, at least, that has been an increasing trend in recent years. The judgment of Swift J in FMA and Others v SSHD [2023] EWHC 1579 (Admin) contains a very clear – and welcome – statement that this approach is not appropriate.
Standing on the doorstep: UT affirms burden and standard of proof orthodoxy
ICO Enforcement Notices and Monetary Penalty Notices (“MPNs”), and the resulting appeals to the FtT, are the bread and butter of information law litigation. Readers of Panopticon would be forgiven for thinking that issues such as the burden and standard of proof in such appeals would be uncontentious. But not so, according to the appellant in Doorstep Dispensaree Ltd v Information Commissioner [2023] UKUT 132 (AAC).
Never Mind: Prismall and privacy representative actions
As Panopticon’s readership will be well aware, last week’s judgment in Prismall v Google UK Ltd and Deep Mind Technologies Ltd [2023] EWHC 1169 (KB) saw Mrs Justice Williams strike out the only live attempt in the UK at an opt-out class action for data misuse. In this post, I’ll summarise the Court’s key reasons. Continue reading
GDPR and privacy damages: causation and quantum
Personal data of a private and sensitive nature can, of course, end up being used in ways that are both distressing and tangled – in the sense that it is not altogether clear who (if anyone) to hold responsible, in law and in fact. The recent judgment of Chamberlain J in Ali v Chief Constable of Bedfordshire [2023] EWHC 938 (KB) is a must-read case study for anyone needing guidance in navigating thickets of causation and quantum (spoiler: award of £3k for UK GDPR breaches; the same award would have arisen for misuse of private information and under Article 8 ECHR in these circumstances). Continue reading
Subject access disputes: exemptions, closed procedures and more
As noted by Panopticon earlier today, the CJEU has been busy pronouncing on subject access request principles. The drift has, in general, been pro-data subject. In the UK, however, subject access case law has not necessarily been one-way pro-disclosure traffic, as is evident from the robust and careful judgment handed down this week by Mrs Justice Farbey in X v Transcription Agency and Master James. Continue reading
Subject access requests: what do you need to provide?
Dear Sir/Madam, I hereby make a subject access request, please give me copies of documents and specify everyone you gave my data to, yours sincerely.
Response: okay, you can have some data, but no documents and we only need to tell you about ‘categories’ of recipients, not specific recipients.
Reply: not good enough, Article 15 GDPR entitles me to more detail.
Who is right? The CJEU has had a busy few months shedding some light on these kinds of issues, thanks mainly to a slew of Austrian referrals, with its latest contribution coming last week. Continue reading