This podcast episode examines the use of facial recognition technology in the United Kingdom and the recent decision Clearview AI Inc v The Information Commissioner [2023] UK FTT 00819 (GC ..read more

This podcast considers the growth in the use of artificial intelligence and the implications for data protection.  ..read more

The use of personal data has been both revolutionary and evolutionary. The explosion in the availability of personal data came from technological developments such as the creation of the personal computer, social media platforms, and smart phones. The ability to track and record our interactions in communications, the creation of large volumes of publicly available data, and the ability to buy datasets has led to a new technological innovation that many predict will have explosive consequences.  ChatGPT  ChatGPT is a massive technological leap in general purpose (or ‘generative’) Art ..read more

There have been two significant judgments in the Court of Justice of the European Union (‘CJEU’) on aspects of the General Data Protection Regulation (‘GDPR’). The first is case C-300/21, which examined GDPR damages. The second is case C-487/21, which gives further guidance on data subject access requests. There is also case T-557/20, which was before the General Court, on pseudonymisation and anonymisation under the GDPR.  (i) Case C-300/21: UI v Österreichische Post AG (GDPR Damages) Austria’s Supreme Court asked the CJEU for a preliminary ruling in relation to the scope of damages unde ..read more

The Grand Chamber of the Court of Justice of the European Union (‘CJEU’) has clarified whether a search engine or the person making a right to be forgotten request has the burden of proving the inaccuracy of the information in contested Internet search results. The question of whether preview images (so-called ‘thumbnails’) should be removed was also examined by the court. The Facts The individuals involved in the case were anonymised as TU and RE. TU is a member of the board of directors and the shareholder of an investment company. RE was TU’s cohabiting partner and held a role in one of the ..read more

This podcast analyses recent cases where claimants have tried to bring misuse of private information claims against companies that have been found to have been liable for mass data breaches. Despite findings by the ICO of culpability, such claims have not been successful in the UK. This podcast examines the reasons why. Cases mentioned: Warren v DSG Retail Ltd [2021] EWHC 2168 (QB) Graeme Smith & Others v TalkTalk Telecom Group Plc [2022] EWHC 1311 (QB). WM Morrison Supermarkets Plc v Various Claimants [2020] UKSC12 Underwood & Another v Bounty UK Ltd & Another [2022] EWHC 888 (QB ..read more

This podcast reviews the case Bloomberg LP v ZXC [2022] UKSC 5. The Supreme Court considered the question of whether as a general rule, a person under criminal investigation has, prior to charge, a reasonable expectation of privacy in respect of information relating to that investigation. How the quality of confidence in information affects the public interest in disclosure was also explored. The cases mentioned in this podcast: Murray v Express Newspapers plc [2008] EWCA Civ 446 In re Guardian News and Media Ltd [2010] UKSC 1 Khuja v Times Newspapers Ltd [2017] UKSC 49 Denisov v Ukraine (Appl ..read more

The Information Commissioner’s Office (“the ICO”) has released its new strategic plan, available here. John Edwards was appointed the new Information Commissioner and began his role on 4 January 2022. The strategy sets out how the ICO intends to achieve its four strategic objectives over the next 3 years. These objectives are: Safeguard and empower people Empower responsible innovation and sustainable economic growth Promote openness, transparency and accountability  Continuously develop the ICO’s culture, capability and capacity To support these objectives the ICO intends to do the fol ..read more

There have been a few recent cases in the High Court that have dealt with the question of whether misuse of private information can be claimed against companies that have experienced a data breach for which they have found to be responsible by the Information Commissioner. In both, the claimants failed to persuade the court that they could bring a claim in misuse of private information (“MPI”) alongside a claim for breach of data protection legislation.  MPI is a tort that recently emerged in the common law to address a shortfall in the law of breach of confidence, under which a claim can ..read more

Substantial changes to legislation that will impact the use of data is on the horizon. The European Commission announced its digital strategy in 2021 and its intention to introduce a number of different laws, all of which will impact digital technology and data. Although the United Kingdom (‘UK’) has now left the European Union (‘EU’), UK businesses that operate in the digital economy are likely to be impacted as most proposed legislation will have extraterritorial effect. The UK government has also recently announced that it intends to introduce a number of new laws that will impact the futur ..read more