Case Law: Various Claimants v W M Morrison Supermarkets, Employer liable for data breach by employee seeking to damage it – Alex Cochrane

21 11 2018

On 22 October 2018, the Court of Appeal dismissed the supermarket chain’s appeal in the case of Various Claimants v WM Morrison Supermarkets PLC [2018] EWCA Civ 2339, where Morrisons had been held vicariously liable at first instance for a mass data breach caused by the criminal act of a rogue employee (see our blog about that decision here). Read the rest of this entry »





Proposed police super-database breaks the law and has no legal basis, but the Home Office doesn’t care – Matthew White

19 10 2018

The announcement from human rights organisation Liberty that it would boycott the UK Home Office’s consultation on the Law Enforcement Data Service, a new super-database for the police, is an indication of how far from acceptable the project is. Read the rest of this entry »





Google and the Right to be Forgotten, Four Case Studies – My Clean Slate

17 10 2018

When dealing with Google, it is good to bear in mind that their erasure policy is both erratic and random.  The Right to be Forgotten seems to depend on the individual who is dealing with a request and whether they have had a good or bad day.  There have been a number of odd – indeed, downright inconsistent decisions over the past six months which illustrate the problem. Learning on the job does not quite capture it. Read the rest of this entry »





Case Law: Lloyd v Google, No compensation for Google data breaches – Rosalind English

13 10 2018

Most of us resignedly consent to the use of cookies in order to use internet sites, vaguely aware that these collect information about our browsing habits in order to target us with advertisements. It’s annoying, but does it do us any harm? That is the question that came up before Warby J in a preliminary application for a representative claim in the case of Lloyd v Google LLC [2018] EWHC 2599 (QB). Read the rest of this entry »





Privacy and public records: how to protect your personal information in an online age – Alicia Mendonca-Richards

4 10 2018

In this article we look at how to minimise the visibility of your personal information in online public records, without losing the benefits that online administration brings. Read the rest of this entry »





British Airways hacking: how not to respond to a cyber attack – Bill Buchanan

11 09 2018

Chaos appears to reign at British Airways, where hackers stole the details of around 380,000 customer bookings. There have been some poor responses to cyber attacks on major companies in the past, but the airline’s actions in this case could be one of weakest in recent history. Part of this may be because companies are now required by the EU to report cyber attacks within 72 hours, and because information may still be being withheld due to ongoing criminal investigation. Read the rest of this entry »





‘Fake news’ and Facebook: symptoms not causes of democratic decline – Des Freedman

5 08 2018

It’s pretty rare for the report of a minor parliamentary committee to generate such a buzz but perhaps less surprising when the topic is ‘fake news’ and the main villain of the piece is one of the world’s most valuable – and controversial –  companies, Facebook. Read the rest of this entry »