UK

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation.  Please reach out to the authors if you are interested in additional information.

California Attorney General Clarifies that Inferences are Personal Information | Consumer Privacy World

Registration OPEN: April 5 from 12-1

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation.  Please reach out to the authors if you are interested in additional information.

BREAKING Florida Senate Adjourns, Data Privacy Bill Yet Again Fails to Pass | Consumer Privacy World

Virginia Work Group

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation.  Please reach out to the authors if you are interested in additional information.

Illinois Supreme Court Deals a Serious Blow to Employers’ Ability to Defend Against BIPA Claims For Statutory Damages |

On 10 November 2021, the UK Supreme Court unanimously rejected Mr Richard Lloyd’s attempt to bring representative proceedings against Google. Styled by the Court of Appeal as a champion of consumer protection, Mr Lloyd sought damages for approximately 4 million Apple IPhone users under section 13 of the Data Protection Act 1998 (“the DPA 1998”) after the unlawful processing of their data. He had suggested uniform damages at £750 per user which would have landed Google with a bill for £3 billion.
Continue Reading Google LLC v Lloyd – Major Representative Action Denied

2021 was a busy year for UK data litigators as courts got their teeth into some key issues in this developing area. One area of particular focus was how English law approaches the ‘minor’ or ‘inadvertent’ data breach. Such incidents can easily arise; an email copied to the wrong person, usually swiftly deleted, is a

Over the past few years, there has been an increasing number of claims against businesses and public bodies for distress caused by data breaches. The pattern is, by now, a familiar one. A claimant will make a claim for breach of data protection legislation, seeking damages at a relatively low value for the distress and anxiety they say has been caused by the data breach. This claim will be accompanied by claims for one or more of: misuse of private information, breach of confidence and negligence. Added on to the damages claimed will be the legal costs of the claimant’s lawyers, together with the after-the-event (“ATE”) insurance premium for the policy the claimant will have procured to bring a privacy claim. As a result, the defendant is faced with a difficult decision – pay over the odds for a claim where the claimant has suffered no financial loss, or fight litigation with the risk of mounting costs on both sides if the decision goes against them.

Following a cyber-attack in 2017 and 2018, this is the situation that faced DSG Retail Limited (“DSG”), and which has led to an important judgment for these data breach claims, Warren v DSG Retail Ltd [2021] EWHC 2168 (QB).
Continue Reading Narrowing the Scope of Data Breach Claims? – Warren v DSG Retail Ltd

On 24th December 2020, the UK and the EU finally agreed on the terms of a Brexit deal, including an interim solution to the issue of personal data transfers from the EU to the UK.  This interim arrangement gives some much-needed breathing space to European organizations with UK affiliates or that use UK service providers, and renewed hope for an eventual adequacy decision from the European Commission covering transfers of personal data to the UK.

The interim solution agreed allows companies and organisations that transfer personal data from the EU to the UK, to continue to do so, for up to six months to give time for the European Commission to approve an adequacy decision in favour of the UK (under Article 36(3) of Directive (EU) 2016/680 and under Article 45(3) of Regulation (EU) 2016/679).Continue Reading Brexit Updated: Interim Deal Reached on EU-UK Data Transfers

Digital Facial RecognitionLast week (9th July), the ICO announced that it would join forces with the Office of the Australian Information Commissioner (OAIC) to investigate the use of personal information, including biometric data, by Clearview AI, Inc. (Clearview). Limited information is available so far, but given the focus of the investigation, this is an important step in determining data protection rights and obligations, where information is ‘scraped’ from ‘publicly available’ sources, for the purposes of tackling crime.
Continue Reading ICO and Australian Information Commissioner Team-up to Investigate Clearview AI, Inc. Facial Recognition Tool and Data Scraping

As businesses in the hospitality and leisure industries are permitted to re-open in England, the Government is asking them to keep a temporary record of their customers and visitors, in order to support NHS Test and Trace.  This information will be requested by NHS Test and Trace in the event that someone who has tested positive for COVID-19 lists the business’s premises as a place that they visited recently, or because the premises has been identified as the location of a potential outbreak. This is viewed by the UK Government as a key part of their ongoing response to the virus, as the lockdown is lifted.
Continue Reading The UK Government and the Information Commissioner Provide Guidance on the Collection of Contact-Tracing Information by Hospitality & Leisure Businesses