Case Law: ABC v Google, Claimant who refused to tell the court or his opponent who he was runs out of track – Elisabeth Mason

5 12 2019

In ABC v Google LLC [2019] EWHC 3020 (QB) the High Court dismissed the latest attempt by an anonymous litigant-in-person (‘ABC’) to continue his ‘right to be forgotten’ claim against Google.  The claim concerned Google’s failure to block access to historic news reports concerning ABC (whomever he may be).  Extraordinarily, ABC pursued his claim for nearly two years without ever identifying himself either to his opponent or to the court. Read the rest of this entry »





Australia: The ugly truth: tech companies are tracking and misusing our data, and there’s little we can do – Suranga Seneviratne

30 11 2019

As survey results pile, it’s becoming clear Australians are sceptical about how their online data is tracked and used. But one question worth asking is: are our fears founded? The short answer is: yes. Read the rest of this entry »





Territorial scope in recent CJEU cases: Google v CNIL / Glawischnig-Piesczek v Facebook – Cathryn Hopkins

9 11 2019

The Court of Justice of the European Union (the “CJEU”) has handed down a few intermediary-related judgments since September alone, and two are considered below. Although one relates to the E-Commerce Directive (the “ECD”) and the other to the Data Protection Direction (the “DPD”)/GDPR, a comparison of the judgments shows an apparently inconsistent approach of the CJEU to the territorial reach of injunctions against internet intermediaries. Read the rest of this entry »





News: Stunt v Associated Newspapers, Data Protection reference to CJEU withdrawn

30 10 2019

On 29 October 2019 the Court of Appeal (Etherton MR, Sharp P and McFarlane P) made an order withdrawing the reference to the CJEU in the case of Stunt v Associated Newspapers ([2018] EWCA Civ 1780) . Read the rest of this entry »





Compound liability following data breaches: Equifax two years on – Suneet Sharma

29 10 2019

In September 2017 Equifax suffered a data breach exposing the personal data of over 147 million people. Hackers utilised a website application vulnerability to access the personal data of customers. Read the rest of this entry »





Case Law: Lloyd v Google LLC, Landmark judgment in representative data protection action – Aidan Wills

9 10 2019

The Court of Appeal has handed down judgment in Lloyd v Google LLC [2019] EWCA Civ 1599, a decision with significant implications for data protection law and practice. Brought on behalf of an estimated 4.4 million iPhone users, this representative claim concerns Google’s gathering and exploitation of browser generated information (“BGI”) on Apple’s Safari browser. Read the rest of this entry »





ECJ confirms territorial limitations of ‘the right to be forgotten’ – Iain Wilson and Elisabeth Mason

3 10 2019

On 24 September 2019, whilst the country was focused on the United Kingdom Supreme Court as it ruled that the prorogation of the UK parliament was unlawful, the Court of Justice of the European Union (CJEU or ECJ), handed down judgment in Google LLC, successor in law to Google Inc. v Commission nationale de l’informatique et des libertés (CNIL), C‑507/17, effectively a sequel to the landmark data protection ‘Google Spain’ decision in May 2014. Read the rest of this entry »





Duchess of Sussex sues Mail on Sunday in privacy, copyright and data protection over leaked letter

2 10 2019

It has been announced that the Duchess of Sussex, Meaghan Markle, is suing the Mail on Sunday for misuse of private information, infringement of copyright and breach of the Data Protection Act 2018.  The claim arises out of the publication by the newspaper in February 2019 of extensive extracts from a private letter written by the Duchess to her estranged father. Read the rest of this entry »





The Right To Be Forgotten back in the CJEU: Court Judgments on the territorial scope of de-referencing; and sensitive personal data – Ian Helme

27 09 2019

Following on from the Advocate General Opinions published on 10 January (which I wrote about here), yesterday the Court of Justice released its decisions in two cases concerning internet search engines and the right to be forgotten. Read the rest of this entry »





United States: The legal basis of $170m fine on Google for YouTube’s infringement of children’s privacy – Eoin O’Dell

19 09 2019

The media was recently full of stories that Google had been “Fined $170 Million for Violating Children’s Privacy on YouTube” (that’s a headline from the New York Times; see also, for example, NPR | BBC | RTÉ | Silicon Republic). In this post, I want to sketch the legal background to, and consequences of, this fine; and, at the end, I will say a few words about the equivalent position in Europe. Read the rest of this entry »