Tag Archives: Data Protection Act 1998

Draft of the Data Protection Bill Published by the UK Government

On 14 September 2017, the Government published the long-awaited draft of the Data Protection Bill (the Bill). The Bill will incorporate the General Data Protection Regulation (EU) 2016/679 into UK law. While the Bill will repeal the existing Data Protection Act 1998 (the DPA), it preserves many of the tailored exemptions which continue to exist … Continue Reading

Unlimited fines may now be imposed by UK Magistrates’ Court Data Protection offences

Since the Legal Aid, Sentencing and Punishment of Offenders Act 2012 (Fines on Summary Conviction) Regulations 2015 came into force 12 March 2015, the Magistrates’ Court has had the ability to impose unlimited fines for criminal offences under the Data Protection Act 1998 (‘DPA’). Under s.55 DPA, an individual can be convicted of a criminal … Continue Reading

Google loses its appeal in ‘David v Goliath’ Safari tracking case opening the door for a substantial class action

The UK Court of Appeal found that individuals can be awarded compensation for breaches of data protection laws even where no financial damage exists. In a case where Google sought to block claimants from data protection claims, Vidal-Hall et al v Google, the Court of Appeal found the claimants could pursue claims seeking damages relating … Continue Reading

NGOs may rely on UK’s Journalism Exemption

The UK Information Commissioner’s Officer (the “ICO”), in a letter to Global Witness (in Steinmetz and others v Global Witness) (the “Letter”), stated that non-media organisations may rely on the special-purposes exemption for journalism in s32 of the Data Protection Act 1998 (the “DPA”), to withhold personal data in response to Data Subject Access Requests. … Continue Reading

UK Court of Appeal limits typical damages for a data protection breach to £751

This post was written by Cynthia O’Donoghue. The UK Civil Division of the Court of Appeal ruled in favour of an individual data subject on the point of damages under the Data Protection Act 1998 (DPA), but limited the award to £751 GBP. The judgment in Halliday v. Creation Consumer Finance Limited, [2013] EWCA Civ … Continue Reading

UK Government issues consultation on consumer data access proposals as part of “midata” strategy

This post was written by Cynthia O’Donoghue. The Business Innovations and Skills Department of the UK Government has issued a public consultation on a proposal to create a requirement on suppliers of goods and services to provide their customers, when requested, with information on historic transactions and consumption data in an open standard, machine-readable format. … Continue Reading

The ICO Issues New Guidance on Access Rights and Data Controllers

The UK Information Commissioner’s Office (“ICO”) released recommendations advising organisations to ensure that the data held regarding individuals is thoroughly and securely searchable so they can meet their obligations under the Data Protection Act 1998 (“DPA”). The ICO also clarified when companies can be classified as data controllers. The recommendations came through three sets of … Continue Reading