Disinformation, data verification and social media – Ben Wagner and Lubos Kuklis

16 01 2020

What you don’t know can’t hurt you: this seems to be the current approach for responding to disinformation by public regulators across the world. Nobody is able to say with any degree of certainty what is actually going on. Read the rest of this entry »





Ireland: Damages for Data Protection Breaches 2, Why Murphy v Callinan is wrong – Eoin O’Dell

20 12 2019

In my previous post in this series, I argued (yet again) that Collins v FBD Insurance plc [2013] IEHC 137 (14 March 2013) was wrongly decided. It precludes a claim for damages for distress for breach of data protection rights, pursuant to section 7 of the Data Protection Act, 1988 (also here) [hereafter: section 7 DPA88]. Read the rest of this entry »





Ireland: Damages for Data Protection Breaches, 1: Why Collins v FBD Insurance is wrong (again) – Eoin O’Dell

19 12 2019

A story in the newspapers this morning has made me think once again about some of the weaknesses in Irish law relating to damages for data protection infringements. Read the rest of this entry »





What you need to know about privacy policies – Suneet Sharma

8 12 2019

Sites you visit, applications you use and services you take all have privacy policies – but what are they and why are they important, despite many people just check boxing them? Read the rest of this entry »





Territorial scope in recent CJEU cases: Google v CNIL / Glawischnig-Piesczek v Facebook – Cathryn Hopkins

9 11 2019

The Court of Justice of the European Union (the “CJEU”) has handed down a few intermediary-related judgments since September alone, and two are considered below. Although one relates to the E-Commerce Directive (the “ECD”) and the other to the Data Protection Direction (the “DPD”)/GDPR, a comparison of the judgments shows an apparently inconsistent approach of the CJEU to the territorial reach of injunctions against internet intermediaries. Read the rest of this entry »





News: Stunt v Associated Newspapers, Data Protection reference to CJEU withdrawn

30 10 2019

On 29 October 2019 the Court of Appeal (Etherton MR, Sharp P and McFarlane P) made an order withdrawing the reference to the CJEU in the case of Stunt v Associated Newspapers ([2018] EWCA Civ 1780) . Read the rest of this entry »





ECJ confirms territorial limitations of ‘the right to be forgotten’ – Iain Wilson and Elisabeth Mason

3 10 2019

On 24 September 2019, whilst the country was focused on the United Kingdom Supreme Court as it ruled that the prorogation of the UK parliament was unlawful, the Court of Justice of the European Union (CJEU or ECJ), handed down judgment in Google LLC, successor in law to Google Inc. v Commission nationale de l’informatique et des libertés (CNIL), C‑507/17, effectively a sequel to the landmark data protection ‘Google Spain’ decision in May 2014. Read the rest of this entry »





The Right To Be Forgotten back in the CJEU: Court Judgments on the territorial scope of de-referencing; and sensitive personal data – Ian Helme

27 09 2019

Following on from the Advocate General Opinions published on 10 January (which I wrote about here), yesterday the Court of Justice released its decisions in two cases concerning internet search engines and the right to be forgotten. Read the rest of this entry »





The Facebook Appeal and Procedural Grounds – Christopher Knight

25 07 2019

What sort of grounds of challenge can be run on an appeal against a monetary penalty notice issued by the Information Commissioner? Where the Tribunal has a full merits jurisdiction, is there scope for grounds of challenge relating to the process by which the MPN was reached? Read the rest of this entry »





BA’s record fine could help make the public take data security more seriously – John McAlaney

12 07 2019

British Airways (BA) has received a record fine of £183m after details of around 500,000 of its customers were stolen in a data breach in summer 2018. The fine was possible thanks to new rules introduced last year by the EU’s General Data Protection Regulation (GDPR), which gave the British regulator powers to impose much larger penalties on companies that fail to protect their customers’ data. Read the rest of this entry »