Top 10 Data Protection Cases That You Must Know About
Any information that your business stores digitally needs to be properly protected. From financial information and payment details to contact information for your staff, data usage in the UK is protected by law.
We explain why data protection cases are not just a legal necessity, but crucial to protecting and maintaining your business.
Below are the top 10 data protection cases that you must know about.
1. Lloyd v Google LLC
The data protection cases class action against Google which found that they are permissible in the case of DPA breaches for the Safari Workaround. The case sets a precedent for representative opt-out style class actions for data protection cases breaches under UK law. An application for permission to appeal to the Supreme Court is pending. INFORRM had a case comment. Coverage from legal outlets was broad including Matrix Chambers, DLA Piper, Linklaters and Farrer & Co.
2. R (Bridges) v Chief Constable of South Wales Police and Others
The decision of the Administrative Court that the police’s use of facial recognition software was lawful. The case applied the UK’s pre-existing data protection cases framework to determine the lawfulness of the software, a precedential exercise. An appeal to the Court of Appeal is pending. We had a post on Inforrm and there were posts also on Panopticon, Law Gazette, Matrix Chambers and the Privacy Law Barrister.
3. ZXC v Bloomberg LP
A case bought on the grounds that those investigated by law enforcement have the right to privacy generally. A newspaper named the claimant in the course of citing confidential information obtained from a UK law enforcement agency. The claimant was successful and awarded £25,000. We had a case comment on INFORRM. Matrix Chambers, 5RB, Wiggin and Practical Law also had commentary.
4. Google LLC v CNIL
The Court of Justice found that the territorial scope of the right to be forgotten was jurisdictionally limited and therefore could not be applied to worldwide domain names. We had an Inforrm post on this. The case drew much commentary- see Harvard’s Law Blog, Monckton Chambers and The European Law Blog.
5. R v Jarvis
The Canadian Supreme Court’s important decision on “reasonable expectation of privacy” in the context of the “voyeurism” offence, with wider implications for regulatory and common law privacy. There were posts on the Canadian Privacy Law blog and on The Court.ca blog.
6. Bull v Desporte
A case involving a claim for misuse of private information and copyright infringement arising from a book authored by the claimant’s ex-wife. The claimant succeeded and was awarded damages of £10,000 and aggravated damages of £2,500 as well as a premanant injunction to restrain publication of his private information. Damages for unauthorised use of photographs of the claimant amount to £50. See a case comments from Wiggin LLP, Simkins and 5RB.
7. Cooper v National Crime Agency
Following a drunken altercation with a police officer the claimant was dismissed from his role at the National Crime Agency (“NCA”). The claimant then pursued a case for breach of the Data Protection Act (“DPA”). The analysis of the issues in the judgment provides significant insight into the application of the DPA. There was a Panopticon blog post about the case.
8. GC & Others v CNIL
The Court was asked a number of questions, all of which broadly related to the question of how the prohibitions on processing sensitive personal data under the Directive applied to search engines. The claimants wished to have various results from searches of their names dereferenced from Google’s search results. The Court concluded that there was no blanket prohibition on the processing of sensitive personal data by search engines under the Data Protection Directive, thus refusing to compel the dereferencing of results. The European Law Blog has commentary.
9. Sergejs Buivids
The claimant recorded the inside of a Latvian police station whist he was there giving a statement. It was contested by the Latvian Data Protection Agency that this infringed Latvian data protection laws. The CJEU found that an individual filming police officers undertaking their duties in a police station and posting it online constituted processing of personal data, but may be covered by the journalistic purposes exemption under the Data Protection Directive. DLA Piper and the Panopticon Blog have analysis.
10 Rudd v Bridle
A case covering the nuances of subject access requests and what information should be provided. Also examined the application of exemptions to cases. A asbestos industry advisor was ordered to respond to a physician’s data subject access requests. We had a case comment on INFORRM. See also commentary from Matrix Chambers, Panopticon and White & Case.
Trust needs a stronger foundation that provides people with consistent assurance that data about them will be handled fairly and consistently with their interests. Baseline principles would provide a guide to all businesses and guard against overreach, outliers, and outlaws. They would also tell the world that Singaporean companies are bound by a widely-accepted set of privacy principles and build a foundation for privacy and security practices that evolve with technology.