Just about anyone who works in data protection will probably have asked, or have been asked: what do courts tend to award claimants who suffer data breaches? They will probably also be used to an answer along the lines that ‘it’s quite difficult to say; there isn’t very much case law’. Last week’s judgment of Knowles J in Driver v Crown Prosecution Service [2022] EWHC 2500 (KB) is a helpful contribution to this limited line of authority. Continue reading
Lawful processing conditions and special category data in the CJEU
With apologies for the delay, Panopticon now brings you highlights from a CJEU judgment from August 2022, that contributes to case law – albeit of a post-Brexit variety – on two GDPR issues. These are (i) the necessity and proportionality of the legislative basis for relying on Article 6(1)(e), and (ii) whether data can be ‘special category data’ by reason of an inference. Here are some key points from the Grand Chamber’s judgment in OT v Vyriausioji tarnybinės etikos komisija (Case C‑184/20). Continue reading
Lloyd v Google in the EU: Damage and the AG
When I learned from Twitter that Advocate General Campos Sánchez-Bordona had been writing an Opinion dedicated to the late-90s R&B boyband Damage, I was surprised but not shocked. This, I thought, is precisely the sort of esoteric approach to middling music-based law that resulted in so many voting to leave the EU. Imagine, then, my surprise to find upon reading the Opinion in Case C-300/12 UI v Österreichische Post AG (EU:C:2022:756) that there is almost no mention of Jade Jones’ long-term relationship with Spice Girl Emma Bunton, but instead there is a detailed Lloyd v Google style analysis of in what circumstances damages can be obtained for contravention of the GDPR. Continue reading
Online Safety Bill: first indications of Ofcom’s regulatory approach
Ofcom has today published its ‘roadmap to regulation’ if and when the Online Safety Bill becomes law, together with a ‘call for evidence’ for the first phase of online safety regulation. Both are premised on the current version of the Online Safety Bill, which is acknowledged to be subject to alteration as the legislation goes through the Parliamentary process.
GLO-ing with Satisfaction? Conducting Data Breach Litigation
Post the little-known judgment in Lloyd v Google LLC, those representing data subjects affected by a data breach (usually, although not always, a data security breach incident) have been considering alternative ways of litigating a large number of small value claims arising from the same factual matrix. The obvious alternative, well-established in various areas of the law, is a group litigation order (“GLO”). (This post does not concern the Netflix series about women’s wrestling. There is more violence, but less lycra. Each to their own.) Continue reading
President Biden moves on online harms
For those of you waiting with baited breath to see what will happen with the UK Online Safety Bill (currently at the Committee Stage in the House of Commons), you may like to note that only last week President Biden signed a Presidential Memorandum establishing the ‘White House Task Force to Address Online Harassment and Abuse’, which task force it appears will be focussing particularly on online harms which ‘disproportionately affect women, girls, people of color, and LGBTQI+ individuals, with ‘technology-facilitated gender-based violence’ it seems being the top priority. This is perhaps an unsurprising move by President Biden, given his liberal credentials, and it no doubt reflects a growing unease within liberal circles in the US about the ways in which the internet can be used to generate violent and oppressive conditions for women in the US (including women operating within the sphere of politics). Continue reading