Category Archives: United Kingdom

UK Supreme Court to hear appeal in Google v Vidal-Hall

In April 2015, the English Court of Appeal, in Google v Vidal-Hall, held that the Data Protection Act 1998 permits compensation for non-pecuniary loss, such as distress, where privacy rights have been violated. The UK Supreme Court has granted Google permission to appeal in relation to this aspect of the Court of Appeal’s finding.

Link (UKSC): Permission to appeal: Google Inc v Vidal-Hall

UK ICO issues “Right to be Forgotten” enforcement notice

The UK’s Information Commissioner’s Office (ICO) has issued its first ever “right to be forgotten” enforcement notice against Google Inc.  The ICO followed the 2014 European Union Court of Justice’s decision in Google Spain SL, which permits anyone to request the removal of information where that information is inaccurate, inadequate, excessive or, irrelevant.  In each case, a number of factors will be relevant including the type of information in question, its sensitivity, the role of the individual in public life, the amount of time which has passed and the interests of the public in having access to the information.

ICO ordered Google Inc to remove several links to new stories about the complainant’s previous criminal offence, which was committed almost ten years ago.  Google Inc has not indicated whether it will appeal the decision.

Link: UK ICO issues “Right to be Forgotten” enforcement notice

Darmer v Taylor Wessing: New UK case on right to access personal information

In this UK case, the Darmers made an application under section 7 of the Data Protection Act 1998 for access to all the data held about them by the law firm Taylor Wessing.  In dismissing the application, the English High Court emphasised that the purpose of section 7, in entitling an individual to have access to personal information, is to check the accuracy of the information and to have it corrected if incorrect.  Section 7 is not intended as an automatic tool to access all information relating to matters in which the requester may be named or involved.  Nor is the purpose of section 7 to assist the requester to obtain discovery of documents that may assist the requester in litigation or complaints against third parties.

Link: Darmer v Taylor Wessing [2015] EWHC 2366 (Ch)

UK ICO orders Google to improve its “vague” privacy policy

The UK Information Commissioner’s Office (ICO) has ordered Google to sign a formal undertaking to improve its “vague” privacy policy by addressing the lack of easily accessible information describing the ways in which, and the purposes for which, Google will process personal data, and the lack of sufficient explanation of technical terms to service users. Google must fix these issues by August 2015. Outside of the UK, French and Spanish data protection authorities have fined Google €150,000 and €900,000 respectively for breach of their privacy laws and the Dutch data protection authority is currently threatening Google with a €15 million fine.

Link: Google undertaking to ICO

Half of British consumers think their privacy is at risk: Symantec

New research shows that almost half of UK consumers are concerned that their personal data is not safe and that most rate data security as equally important to product and service quality when choosing where to shop.

Link: Symantec’s 2015 State of Privacy report

English Court of Appeal rules against Google on browsing data

The English Court of Appeal, in Google v Vidal Hall, determined two important issues of law – whether the cause of action for misuse of private information is a tort, and whether a claim for damage can be made under section 13 (compensation) of the Data Protection Act 1998 (DPA) without showing pecuniary loss. The case concerns Google’s collection of information about the browsing habits of Safari users without their knowledge and consent. The Court ruled that misuse of private information should be considered a tort, rather than an equitable claim for breach of confidence. The Court also held that the DPA permits compensation for non-pecuniary loss, such as distress, where privacy rights have been violated. In reaching this conclusion, the Court noted that distress is “often the only real damage caused by a contravention”.

Link: Google v Vidal Hall