ICO signals its intentions on cyber security: large companies need to lead by example – Ashley Hurst and Nina Lazic

25 01 2020

The ICO has issued DSG Retail Limited, the owner of Currys PC World and Dixons Travel stores, with a sizeable fine under pre-GDPR legislation. The ICO’s decision is a must-read for all organisations (and particularly for large, nationwide, retailers), with the ICO setting out its expectations as to the “appropriate technical and organisational” measures which companies must take to protect personal data. Read the rest of this entry »





Top 10 Privacy and Data Protection Cases of 2019: a selection – Suneet Sharma

6 01 2020

Inforrm covered a wide range of data protection and privacy cases in 2019. Following last years post here is my selection of most notable privacy and data protection cases across 2019: Read the rest of this entry »





Ireland: Damages for Data Protection Breaches 2, Why Murphy v Callinan is wrong – Eoin O’Dell

20 12 2019

In my previous post in this series, I argued (yet again) that Collins v FBD Insurance plc [2013] IEHC 137 (14 March 2013) was wrongly decided. It precludes a claim for damages for distress for breach of data protection rights, pursuant to section 7 of the Data Protection Act, 1988 (also here) [hereafter: section 7 DPA88]. Read the rest of this entry »





Ireland: Damages for Data Protection Breaches, 1: Why Collins v FBD Insurance is wrong (again) – Eoin O’Dell

19 12 2019

A story in the newspapers this morning has made me think once again about some of the weaknesses in Irish law relating to damages for data protection infringements. Read the rest of this entry »





What you need to know about privacy policies – Suneet Sharma

8 12 2019

Sites you visit, applications you use and services you take all have privacy policies – but what are they and why are they important, despite many people just check boxing them? Read the rest of this entry »





Case Law: ABC v Google, Claimant who refused to tell the court or his opponent who he was runs out of track – Elisabeth Mason

5 12 2019

In ABC v Google LLC [2019] EWHC 3020 (QB) the High Court dismissed the latest attempt by an anonymous litigant-in-person (‘ABC’) to continue his ‘right to be forgotten’ claim against Google.  The claim concerned Google’s failure to block access to historic news reports concerning ABC (whomever he may be).  Extraordinarily, ABC pursued his claim for nearly two years without ever identifying himself either to his opponent or to the court. Read the rest of this entry »





Australia: The ugly truth: tech companies are tracking and misusing our data, and there’s little we can do – Suranga Seneviratne

30 11 2019

As survey results pile, it’s becoming clear Australians are sceptical about how their online data is tracked and used. But one question worth asking is: are our fears founded? The short answer is: yes. Read the rest of this entry »





Territorial scope in recent CJEU cases: Google v CNIL / Glawischnig-Piesczek v Facebook – Cathryn Hopkins

9 11 2019

The Court of Justice of the European Union (the “CJEU”) has handed down a few intermediary-related judgments since September alone, and two are considered below. Although one relates to the E-Commerce Directive (the “ECD”) and the other to the Data Protection Direction (the “DPD”)/GDPR, a comparison of the judgments shows an apparently inconsistent approach of the CJEU to the territorial reach of injunctions against internet intermediaries. Read the rest of this entry »





News: Stunt v Associated Newspapers, Data Protection reference to CJEU withdrawn

30 10 2019

On 29 October 2019 the Court of Appeal (Etherton MR, Sharp P and McFarlane P) made an order withdrawing the reference to the CJEU in the case of Stunt v Associated Newspapers ([2018] EWCA Civ 1780) . Read the rest of this entry »





Compound liability following data breaches: Equifax two years on – Suneet Sharma

29 10 2019

In September 2017 Equifax suffered a data breach exposing the personal data of over 147 million people. Hackers utilised a website application vulnerability to access the personal data of customers. Read the rest of this entry »