Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Top 10 Data Protection Cases That You Must Know About

data protection cases

The key principles of data protection are to safeguard and make available data under all circumstances. 

Top 10 Data Protection Cases That You Must Know About

Any information that your business stores digitally needs to be properly protected. From financial information and payment details to contact information for your staff, data usage in the UK is protected by law.

We explain why data protection cases are not just a legal necessity, but crucial to protecting and maintaining your business.

Also read: Cost of GDPR Compliance for Singapore Companies

Below are the top 10 data protection cases that you must know about.

1. Lloyd v Google LLC

The data protection cases class action against Google which found that they are permissible in the case of DPA breaches for the Safari Workaround. The case sets a precedent for representative opt-out style class actions for data protection cases breaches under UK law. An application for permission to appeal to the Supreme Court is pending. INFORRM had a case comment. Coverage from legal outlets was broad including Matrix Chambers, DLA Piper, Linklaters and Farrer & Co.

2. R (Bridges) v Chief Constable of South Wales Police and Others

The decision of the Administrative Court that the police’s use of facial recognition software was lawful. The case applied the UK’s pre-existing data protection cases framework to determine the lawfulness of the software, a precedential exercise. An appeal to the Court of Appeal is pending. We had a post on Inforrm and there were posts also on Panopticon, Law Gazette, Matrix Chambers and the Privacy Law Barrister.

3. ZXC v Bloomberg LP

A case bought on the grounds that those investigated by law enforcement have the right to privacy generally. A newspaper named the claimant in the course of citing confidential information obtained from a UK law enforcement agency. The claimant was successful and awarded £25,000. We had a case comment on INFORRM. Matrix Chambers, 5RB, Wiggin and Practical Law also had commentary.

4. Google LLC v CNIL

The Court of Justice found that the territorial scope of the right to be forgotten was jurisdictionally limited and therefore could not be applied to worldwide domain names. We had an Inforrm post on this. The case drew much commentary- see Harvard’s Law Blog, Monckton Chambers and The European Law Blog.

5. R v Jarvis

The Canadian Supreme Court’s important decision on “reasonable expectation of privacy” in the context of the “voyeurism” offence, with wider implications for regulatory and common law privacy.  There were posts on the Canadian Privacy Law blog and on The blog.

The importance of data protection increases as the amount of data created and stored continues to grow at unprecedented rates. 

6. Bull v Desporte

A case involving a claim for misuse of private information and copyright infringement arising from a book authored by the claimant’s ex-wife. The claimant succeeded and was awarded damages of £10,000 and aggravated damages of £2,500 as well as a premanant injunction to restrain publication of his private information. Damages for unauthorised use of photographs of the claimant amount to £50.  See a case comments from Wiggin LLP, Simkins and 5RB.

7. Cooper v National Crime Agency

Following a drunken altercation with a police officer the claimant was dismissed from his role at the National Crime Agency (“NCA”). The claimant then pursued a case for breach of the Data Protection Act (“DPA”). The analysis of the issues in the judgment provides significant insight into the application of the DPA. There was a Panopticon blog post about the case.

8. GC & Others v CNIL

The Court was asked a number of questions, all of which broadly related to the question of how the prohibitions on processing sensitive personal data under the Directive applied to search engines. The claimants wished to have various results from searches of their names dereferenced from Google’s search results. The Court concluded that there was no blanket prohibition on the processing of sensitive personal data by search engines under the Data Protection Directive, thus refusing to compel the dereferencing of results. The European Law Blog has commentary.

9. Sergejs Buivids

The claimant recorded the inside of a Latvian police station whist he was there giving a statement. It was contested by the Latvian Data Protection Agency that this infringed Latvian data protection laws. The CJEU found that an individual filming police officers undertaking their duties in a police station and posting it online constituted processing of personal data, but may be covered by the journalistic purposes exemption under the Data Protection Directive. DLA Piper and the Panopticon Blog have analysis.

10 Rudd v Bridle

A case covering the nuances of subject access requests and what information should be provided. Also examined the application of exemptions to cases. A asbestos industry advisor was ordered to respond to a physician’s data subject access requests. We had a case comment on INFORRM. See also commentary from Matrix Chambers, Panopticon and White & Case.

Data protection is the process of safeguarding important information from corruption, compromise or loss.

Trust needs a stronger foundation that provides people with consistent assurance that data about them will be handled fairly and consistently with their interests. Baseline principles would provide a guide to all businesses and guard against overreach, outliers, and outlaws. They would also tell the world that Singaporean companies are bound by a widely-accepted set of privacy principles and build a foundation for privacy and security practices that evolve with technology.

Also read: How to Register Data Protection Officer (DPO) in ACRA Bizfile+



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us