Data Protection Act 1998

On 14 September 2017, the Government published the long-awaited draft of the Data Protection Bill (the Bill). The Bill will incorporate the General Data Protection Regulation (EU) 2016/679 into UK law. While the Bill will repeal the existing Data Protection Act 1998 (the DPA), it preserves many of the tailored exemptions which continue to exist

Since the Legal Aid, Sentencing and Punishment of Offenders Act 2012 (Fines on Summary Conviction) Regulations 2015 came into force 12 March 2015, the Magistrates’ Court has had the ability to impose unlimited fines for criminal offences under the Data Protection Act 1998 (‘DPA’).

Under s.55 DPA, an individual can be convicted of a criminal offence if he or she obtains or discloses personal data without the consent of the data controller. Before 12 March, a £5,000 fine cap existed, but this has now been removed, allowing for fines of any amount to be imposed at sentencing.

Continue Reading Unlimited fines may now be imposed by UK Magistrates’ Court Data Protection offences

The UK Court of Appeal found that individuals can be awarded compensation for breaches of data protection laws even where no financial damage exists. In a case where Google sought to block claimants from data protection claims, Vidal-Hall et al v Google, the Court of Appeal found the claimants could pursue claims seeking damages relating to Google’s bypassing of security measures on the Apple Safari internet browser.

The claims allege that Google introduced tracking cookies on Apple’s Safari browser in breach of Apple’s policies, which allowed Google to gather data users’ online behavior, including information about their financial status and ethnicity to be used for targeted advertising. The claimants argue the tracking caused them anxiety and distress.

Continue Reading Google loses its appeal in ‘David v Goliath’ Safari tracking case opening the door for a substantial class action

This post was written by Cynthia O’Donoghue.

The Business Innovations and Skills Department of the UK Government has issued a public consultation on a proposal to create a requirement on suppliers of goods and services to provide their customers, when requested, with information on historic transactions and consumption data in an open standard, machine-readable

The UK Information Commissioner’s Office (“ICO”) released recommendations advising organisations to ensure that the data held regarding individuals is thoroughly and securely searchable so they can meet their obligations under the Data Protection Act 1998 (“DPA”). The ICO also clarified when companies can be classified as data controllers. The recommendations came through three sets of