Sunday, 30 March 2014

No Common Law Lien On Electronic Database

Your Response Ltd. v Datateam Business Media Ltd. [2014] EWCA Civ 281

The Court of Appeal found that a common law lien could not be exercised over intangible objects such as an electronic database because the protection accorded to the makers of databases by certain other enactments (such as the Copyright and Rights in Databases Regulations 1997) reflected that databases do not represent tangible property of a kind that is capable of forming the subject matter of claims concerning an interference with possession.

Google Inc. In English Court for UK Data Protection Violation

Vidal-Hall & Ors v. Google Inc. [2014] EWHC 13 (QB)

Google's Safari browser was again the subject of claims of data protection violation. One major new development in this case was that the British claimants took the US mother company Google Inc. and not its UK entity to court in England. The High Court granted permission to sue Google Inc. in the UK arguing that the alleged violation of UK data protection law is tort in the UK and therefore the English High Court the correct forum for the claim. It also held that tracking the internet use of the claimants in anonymous but categorised form according to content like interests and then providing them with according advertisements meant processing personal data without claimants consent. Google Inc. has filed an appeal against the decision.   

Thursday, 20 March 2014

German Information Commissioners On CCTV

The German Information Commissioners issued guidelines on the use of CCTV by private companies comprising general explanations of the legal framework, examples and a check list of questions. (Link)

Individual's Name And Personal Data Protection

Efifiom Edem v. Information Comissioner and Financial Services Authority [2014] EWCA Civ 92 (7 February 2014)

The Court of Appeal had to try a case in which an applicant made a request under the Freedom of Information Act 2000 to obtain details of a complaint he had made to the FSA about the way the FSA had regulated Egg plc, an internet bank. As part of this request the applicant sought the disclosure of the names of three junior staff involved with the matter but which had been redacted from emails supplied to him by the FSA on the basis that the names were personal data and could not therefore be disclosed under the FOIA. 
The Court of Appeal now ruled that a person’s name constitutes personal data for the purposes of the Data Protection Act 1998 unless the name is so common that without further information, such as its use in a work context, a person would remain unidentifiable despite its disclosure.

ICO Publishes Privacy Impact Assessment Code

The UK Information Commissioner’s Office (ICO) has published its updated privacy impact assessments ("PIA") code of practice to help organisations respect people’s privacy when changing the way they handle people’s information.The code explains the privacy issues that organisations should consider when planning projects that use personal information, including the need to consult with stakeholders, identify privacy risks and address these risks in the final project plan. (Link)