On 7 September 2021, the High Court granted a defendant’s application for summary judgment in a claim for compensation brought by three data subjects resulting from a data breach suffered by the defendant, on the basis that the breach was ‘trivial’ (here).

The case

The case related to a single email (with attachments) sent by the defendant, a firm of solicitors. The defendant, who represents a school to whom the claimants, a set of parents, owed outstanding school fees, had been instructed to write to the claimants with a demand for payment. The email consisted of a letter and a copy of the statement of account.

Due to one letter difference in one of the email addresses, the correspondence was sent to an unintended recipient. The unintended recipient responded promptly, indicating that they thought the email was not intended for them. The defendant then responded promptly, asking the unintended recipient to delete the email, which they agreed to do. The recipient was unknown to the claimants personally.

The email contained the claimants’ names, address and the amount of school fees owed, as well as reference to proposed legal action, but it did not contain any financial information in the form of bank or card details, or information about the income or financial position of the claimants.

The claim brought by the claimants was for, amongst other things, compensation for non-material damage (i.e., distress) under article 82 of the General Data Protection Regulation ((EU) 2016/679) (GDPR) and section 169 of the Data Protection Act 2018. This was based on (i) the claimants having suffered “lost sleep”, (ii) the breach having “made them feel ill” and (iii) extensive time having been spent by the claimants dealing with the issue.Continue Reading ‘Trivial’ data breach claim dismissed by High Court

On 11 August 2020, the Court of Appeal published its decision challenging the High Court’s approval of South Wales Police’s (‘SWP’) use of CCTV facial recognition. We wrote about the High Court’s judgment in September last year, which can be viewed here.

As a quick recap of the case, SWP used CCTV automated facial

In July 2019, the UK privacy regulator, the Information Commissioner’s Office (ICO) issued a warning about the privacy implications of automated facial recognition technology (AFR). The ICO was concerned that AFR “represent[s] the widespread processing of biometric data of thousands of people as they go about their daily lives.”

The UK High Court recently handed

An attempt to bring legal action against Google for its alleged tracking of an estimated 4.4 million iPhone users in 2011 and 2012 has been blocked by the UK High Court (the court).

Campaign group “Google You Owe Us” brought the claim as a representative action on behalf of the affected individuals (the class) in 2017. It is thought to be the UK’s first mass legal action of its kind.

The case

Google You Owe Us argued that Google breached its duty under the Data Protection Act 1998 by circumventing the default settings in Apple Safari, placing cookies on the browser to track user’s movements, and using the collected data to sell advertisements. The decision is still relevant to the Data Protection Act 2018.

In an application for permission to serve the claim on Google in the United States, the High Court was required to determine, amongst other things, whether the claim had a reasonable prospect of success.

Justice Warby acknowledged that Google may have breached its duty. He said: “There is no dispute that it is arguable that Google’s alleged role in the collection, collation and use of data obtained via the Safari Workaround was wrongful, and a breach of duty.”Continue Reading High Court blocks data privacy claim against Google

The High Court held, in The Software Incubator v Computer Associates [2016] EWHC 1587 (QB), that a supply of commoditised software is a sale of goods for the purposes of the Commercial Agents (Council Directive) Regulations 1993 (“Regulations”).

Background

Computer Associates UK Ltd (“CA”) entered into a non-exclusive agreement with The Software Incubator Limited (“TSI”). TSI agreed to provide software consulting and promotion services in return for a fixed monthly fee and commission on sales.

TSI’s director was unhappy with the relationship and decided to become an agent for another company (“the company”), which led to TSI signing an agreement with them. TSI intended to terminate the agreement with CA, but CA served three months’ notice of termination on TSI in September 2013. However, CA then decided to terminate the agreement earlier and with immediate effect, alleging that TSI’s work for the company amounted to a repudiatory breach.  TSI claimed compensation under the Regulations, commission on post-termination sales, and damages.Continue Reading A supply of software can be a sale of goods

The High Court in Arthur J. Gallagher Services (UK) Limited and others v Skriptchenkov and others [2016] EWHC 603, granted 11 February a mandatory injunction ordering the inspection and imaging of electronic devices and computers belonging to the defendants, and the subsequent destruction of any confidential information belonging to the claimant that was found. The