By an Order dated 16 October 2024 [pdf] Warby LJ granted Laurence Fox permission to appeal to the Court of Appeal against the decision in Blake v Fox on 5 of the 7 grounds of appeal relied on.

Fox was the defendant and counterclaimant in a libel action brought by three claimants: Simon Blake, Colin Seymour, and Nicola Thorp. Collins Rice J handed down judgment on liability in January 2024 ([2024] EWHC 146 (KB)), granting Blake and Seymour judgment on their claims, and dismissing Fox’s counterclaims on the basis of lack of causation of serious harm (and declining to resolve in the alternative the Truth (Thorp) and Honest Opinion (Blake and Seymour) defences advanced in the counterclaims).

After a short remedies hearing in April 2024, in a further judgment ([2024] EWHC 956 (KB)), Collins Rice J awarded Blake and Seymour each £90,000 in damages, and final injunctions against repetition of the defamatory statement, but refused their pleas for a s.12 Defamation Act 2013 order. Fox’s full Grounds of Appeal have been made available by 5RB. Read the full case history from 5RB here.

Netflix has launched a feature documentary film “Sweet Bobby: My Catfish Nightmare”. The film depicts the events underlying a ground-breaking 2020 privacy claim, brought over a nine-year cat-fishing campaign. The claim for damages and injunctive relief, which was brought in misuse of private information, harassment, and under the GDPR, and without anonymising the parties, is thought to be the first successful civil claim relating to a cat-fishing scam in the common law world. The claim was settled by Court Order with the payment of compensation and the making of private apology in 14 June 2021. 5RB has more information here.

Former private investigator Glenn Mulcaire, who admitted hacking voicemails including those of murdered schoolgirl Milly Dowler, has had a bid to challenge some of his convictions dismissed by the Court of Appeal. Mulcaire was given a six-month prison sentence in 2007 for hacking offences committed while working for News Group Newspapers, the publisher of the now-defunct News of the World. The Press Gazette has more information here.

The judgment in David Miller v University of Bristol 1400780/2022, decided in February 2024, has been published. It sets out why David Miller’s beliefs that Israel’s actions in Palestine amount to apartheid, ethnic cleansing and genocide are “worthy of respect in a democratic society” and warranted protection under antidiscrimination laws. The Guardian has more information here.

The London School of Economics (LSE) has been criticised by a UN rapporteur and accused of Islamophobia after reportedly raising an allegation that students behind a pro-Palestine demonstration in July 2024 had prompted fears of a repeat of the 7/7 terrorist attacks. The Guardian has more information here.

Internet and Social Media

The Court of Justice of the European Union has issued its judgment in case C‑446/21. The CJEU was called upon to assess whether the GDPR imposes limits on Meta Platforms Ireland’s use of personal data collected outside of the Facebook social network for advertising purposes. The Privacy and Information Security Law Blog has more information here.

Data Privacy and Data Protection

The Information Commissioner’s Officer has fined two Manchester based financial and debt management companies a total of £150,000 for sending in excess of 7.5 million spam text messages to people. It has also issued a practice recommendation to United Utilities for failing to properly handle requests for important environmental information from the public.

Privacy International has an article on the Home Office’s “Identify and Prioritise Immigration Cases” (IPIC) algorithm, which automatically identifies and recommends migrants for particular immigration decisions or enforcement action. Following a Freedom of Information Act request, PI has received information on how this AI tool used.

IPSO

Statements in Open Court and Apologies

On Thursday 17 October 2024 there was a statement in open court in the case of Price v Associated Newspapers Limited KB-2024-002240.

New Issued Cases

There was one defamation (libel and slander) claim filed on the media and communications list last week.

Last Week in the Courts

On 14 October 2024, judgment was handed down in Elphicke v Times Media Ltd [2024] EWHC 2595 (KB). Retired Master Victoria McCloud found Times Media failed to “preserve evidence” in the case and that it was “appropriate to mark the seriousness” by reducing the amount that former MP Charles Elphicke must pay to 80%. The judgment found that conduct occurring after discontinuance could be relevant in assessing costs. The Defendant’s alleged misconduct, including the misuse of witness statements and the destruction of evidence, constituted serious matters that warranted consideration. However, the court emphasised the importance of maintaining the default costs rule, stating that departures from this rule should be limited and require cogent reasons, which were not sufficiently established in this case.

On Tuesday 15 October 2024 there was a trial of a preliminary issue in the data protection case of  Joseph Pacini, Carsten Geyer v Dow Jones & Company IncKB-2023-001311 before Richard Spearman KC.  Judgment was reserved.

On Wednesday 16 October 2024 there was a renewed application for permission to appeal in the case of Gahir v Neal KA-2024-000073.

Media Law in Other Jurisdictions

Australia

Online groups where women post screenshots of men they have met on dating apps are being abruptly paused or closed down after an Australian defamation case involving a page administrator of a surrogacy group. Users share warnings about men they have dated or post screenshots of profiles before meeting up, asking members to share experiences. Usually, the posts are accompanied with the name, age and location of the men. However, after page administrator Andy Leonard spent over $20,000 in legal fees defending a matter in the Federal Court over a comment that was left on the group page he ran on Facebook in 2023, the pages as closing. ABC News has more information here.

Canada

The CRTC has sent a letter to Meta giving it seven days to comment on what measures Meta is taking to comply with the Online News Act, and whether news is being made available on Meta’s platforms. Meta has blocked news links on its Facebook and Instagram platforms for more than a year in response to the Online News Act, resulting in significant lost traffic to many Canadian news sites. The company’s position has been pretty clear from the start: the law applies to digital news intermediaries that make “news content produced by news outlets available to persons in Canada.” By blocking news links, the company believes that it falls outside the definition and therefore is not required to register with the CRTC and enter into negotiations for payments to Canadian news outlets. The Michael Geist Blog has more information here.

The Standing Committee on Access to Information, Privacy and Ethics tabled its report on the federal government’s use of technological tools capable of extracting personal data from mobile devices and computers. The IAPP has more information here.

China

The State Council of China published the Regulations on Administration of Network Data Security, which will take effect on 1 January 2025. The Regulations cover multiple dimensions of network data security, including personal information protection, security of important data, cross-border transfers, network platform service providers’ obligations, and regulatory supervision and administration. The Privacy and Information Security Law Blog has more information here.

Europe

On 16 October 2024, the European Data Protection Board announced it had adopted Guidelines 2/2023 on Technical Scope of Art. 5(3) of ePrivacy Directive following a public consultation. The Privacy and Information Security Law Blog has more information here.

The 17 October 2024 was the final day for European Union Member States to implement the necessary measures for transposing the EU Directive on measures for a high common level of cybersecurity across the EU into their national laws. The rules of the NIS2 Directive will then become applicable from 18 October 2024 onwards.

India

India is poised to bring its first omnibus data protection law, the Digital Personal Data Protection Act 2023, into force. While the act has been passed into law, it is largely a principles-only legislation that will be implemented through detailed executive rules, likely by the close of 2024. IAPP has more information here.

Kenya

Privacy International has an article exploring how Kenya’s post-election violence of 2007 led to sweeping changes, including the mass implementation of technologies into its election processes. PI has also published a new tech explainer on election technologies in Kenya. The explainer takes a deep dive into the technologies employed to manage and administer the election process in Kenya, such as biometric voter registration (BVR), voter identification, results transmission, and candidate management systems.

United States

On 15 October 2024, the Second Circuit court remanded the case of Salazar v NBA, — F.4th —, 2024 WL 4487971 for further proceedings. The case concerns the Video Privacy Protection Act, 18 U.S.C. 2701 (VPPA) and clarifies modern VPPA applications, with its origins in a VHS-centric era, to modern digital interactions, like email newsletters and online video streaming. It also expands consumer privacy definitions; the court’s interpretation suggests that a “subscriber” could include individuals who exchange personal information for non-monetary services, influencing other privacy claims. Finally, the judgment could influence digital business practices by affecting how businesses should collect and share user data, potentially increasing scrutiny over partnerships involving data tracking and disclosure to third parties such Meta. The Evan Law Blog has more information here.

The Federal Trade Commission’s tentative settlement in the Marriott-Starwood data breaches proceeding contains what appears to be the commission’s first-ever “right to be forgotten” requirement in a cybersecurity enforcement action. IAPP has more information here.

Texas Attorney General Ken Paxton has announced a lawsuit against TikTok for operating its platform in violation of the Texas Securing Children Online through Parental Empowerment (“SCOPE”) Act. The SCOPE Act, among other restrictions, prohibits digital service providers from sharing, disclosing or selling minors’ personal information without the consent of a parent or guardian. The Privacy and Information Security Law Blog has more information here.

Research and Resources

Next Week in the Courts 

On Monday 21 October 2024, the Claimant will be making an application in Ibrahim v Kennedy KB-2023-002865.

On the same day, there will be a pre-trial review in RTM v Bonne Terre Limited & Hestview Limited KB-2023-000775.

On Tuesday 22 October 2024, there will be a pre-trial review in Smith v Surridge & others and Jackson v Surridge & others QB-2022-000858/QB-2022-000862.

On Wednesday 23 October 2024, there will be an appeal hearing in Smith v Poulton & others KA-2024-000084.

On Thursday 24 October 2024, there will be a directions hearing in Kirkegaard v Smith QB-2018-000390.

On the same day, there will be an application for default judgment in BPP Holdings Limited and others v Blakey KB-2024-001080.

Reserved Judgments

Joseph Pacini, Carsten Geyer v Dow Jones & Company Inc,  heard 15 October 2024 (Richard Spearman KC)

Bates v Rubython and another, heard 7-10 October 2024 (Aidan Eardley KC)

Titan Wealth Holdings Limited and others v Okunola, heard 9 and 10 October 2024

Northcott v Hundeyin, heard October 2024 (Knowles J)

Oliver v Duffy, heard 3 and 4 October 2024 (Hill J)

Codnor v Thorpe, 17 June 2024 (Richard Spearman KC).

MBR Acres v FREE THE MBR BEAGLES, heard 24-28 April 2023, 2-5, 9, 11-12, 15, 17-18, 22-23 May 2023 (Nicklin J)

Colette Allen is the host of Newscast on Dr Thomas Bennett and Professor Paul Wragg’s The Media Law Podcast (@MediaLawPodcast).