Privacy Ninja

Top 10 Data Protection Cases That You Must Know About

data protection cases

The key principles of data protection are to safeguard and make available data under all circumstances. 

Top 10 Data Protection Cases That You Must Know About

Any information that your business stores digitally needs to be properly protected. From financial information and payment details to contact information for your staff, data usage in the UK is protected by law.

We explain why data protection cases are not just a legal necessity, but crucial to protecting and maintaining your business.

Also read: Cost of GDPR Compliance for Singapore Companies

Below are the top 10 data protection cases that you must know about.

1. Lloyd v Google LLC

The data protection cases class action against Google which found that they are permissible in the case of DPA breaches for the Safari Workaround. The case sets a precedent for representative opt-out style class actions for data protection cases breaches under UK law. An application for permission to appeal to the Supreme Court is pending. INFORRM had a case comment. Coverage from legal outlets was broad including Matrix Chambers, DLA Piper, Linklaters and Farrer & Co.

2. R (Bridges) v Chief Constable of South Wales Police and Others

The decision of the Administrative Court that the police’s use of facial recognition software was lawful. The case applied the UK’s pre-existing data protection cases framework to determine the lawfulness of the software, a precedential exercise. An appeal to the Court of Appeal is pending. We had a post on Inforrm and there were posts also on Panopticon, Law Gazette, Matrix Chambers and the Privacy Law Barrister.

3. ZXC v Bloomberg LP

A case bought on the grounds that those investigated by law enforcement have the right to privacy generally. A newspaper named the claimant in the course of citing confidential information obtained from a UK law enforcement agency. The claimant was successful and awarded £25,000. We had a case comment on INFORRM. Matrix Chambers, 5RB, Wiggin and Practical Law also had commentary.

4. Google LLC v CNIL

The Court of Justice found that the territorial scope of the right to be forgotten was jurisdictionally limited and therefore could not be applied to worldwide domain names. We had an Inforrm post on this. The case drew much commentary- see Harvard’s Law Blog, Monckton Chambers and The European Law Blog.

5. R v Jarvis

The Canadian Supreme Court’s important decision on “reasonable expectation of privacy” in the context of the “voyeurism” offence, with wider implications for regulatory and common law privacy.  There were posts on the Canadian Privacy Law blog and on The blog.

The importance of data protection increases as the amount of data created and stored continues to grow at unprecedented rates. 

6. Bull v Desporte

A case involving a claim for misuse of private information and copyright infringement arising from a book authored by the claimant’s ex-wife. The claimant succeeded and was awarded damages of £10,000 and aggravated damages of £2,500 as well as a premanant injunction to restrain publication of his private information. Damages for unauthorised use of photographs of the claimant amount to £50.  See a case comments from Wiggin LLP, Simkins and 5RB.

7. Cooper v National Crime Agency

Following a drunken altercation with a police officer the claimant was dismissed from his role at the National Crime Agency (“NCA”). The claimant then pursued a case for breach of the Data Protection Act (“DPA”). The analysis of the issues in the judgment provides significant insight into the application of the DPA. There was a Panopticon blog post about the case.

8. GC & Others v CNIL

The Court was asked a number of questions, all of which broadly related to the question of how the prohibitions on processing sensitive personal data under the Directive applied to search engines. The claimants wished to have various results from searches of their names dereferenced from Google’s search results. The Court concluded that there was no blanket prohibition on the processing of sensitive personal data by search engines under the Data Protection Directive, thus refusing to compel the dereferencing of results. The European Law Blog has commentary.

9. Sergejs Buivids

The claimant recorded the inside of a Latvian police station whist he was there giving a statement. It was contested by the Latvian Data Protection Agency that this infringed Latvian data protection laws. The CJEU found that an individual filming police officers undertaking their duties in a police station and posting it online constituted processing of personal data, but may be covered by the journalistic purposes exemption under the Data Protection Directive. DLA Piper and the Panopticon Blog have analysis.

10 Rudd v Bridle

A case covering the nuances of subject access requests and what information should be provided. Also examined the application of exemptions to cases. A asbestos industry advisor was ordered to respond to a physician’s data subject access requests. We had a case comment on INFORRM. See also commentary from Matrix Chambers, Panopticon and White & Case.

Data protection is the process of safeguarding important information from corruption, compromise or loss.

Trust needs a stronger foundation that provides people with consistent assurance that data about them will be handled fairly and consistently with their interests. Baseline principles would provide a guide to all businesses and guard against overreach, outliers, and outlaws. They would also tell the world that Singaporean companies are bound by a widely-accepted set of privacy principles and build a foundation for privacy and security practices that evolve with technology.

Also read: How to Register Data Protection Officer (DPO) in ACRA Bizfile+

Privacy Ninja provides GUARANTEED quality and results for the following CORE SERVICES:

DPO-As-A-Service (Outsourced DPO Subscription)
Vulnerability Assessment & Penetration Testing (VAPT)
PDPA Obligations for Organizational Compliance (SkillsFuture Credit Eligible)


PDPA Compliance Audit
ital Transformation Consultancy
Data Protection Trustmarks Certification Readiness Consultancy

PDPA Data Protection Software
Smart Contract Audit



Leave a Reply

Your email address will not be published. Required fields are marked *


Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.

Powered by WhatsApp Chat

× How can we help you?