27 Aug 2015

Data Protection update - August 2015


In this issue, we outline the Supreme Court’s ruling to grant part permission to appeal the Google v Vidal-Hall decision. We also consider a recent decision of the High Court to refuse to order compliance with a subject access request. We also outline an interesting exception in the new Consumer Rights Act 2015 that allows personal data to be shared in exchange for digital content without the application of consumer rights rules.

We provide an update on legal developments elsewhere in the world; outlining recent fines imposed by a German privacy watchdog and considering Google’s failure to comply with the French data protection authority’s (CNIL) demand to implement the “right to be forgotten” worldwide. We also report on a recent fine imposed by the Government’s Claims Management Regulator (CMR), one of the bodies attempting to tackle the issue of nuisance calls alongside the ICO, Ofcom and the Direct Marketing Association.

In our cybersecurity section, we review the ongoing data threats to customers following the recent hack of infidelity dating site, Ashley Madison. We also outline the warning given to other dating sites by the CNIL to improve their inadequate security and privacy policies. We look at a recent US decision finding that the Federal Trade Commission (FTC) has broad cybersecurity enforcement authority and consider a recent hack of Carphone Warehouse affecting 2.4 million customers.

Finally, we continue to keep you up to date with the latest enforcement activity of the ICO.

Find out more



Jonathan Kirsop

Jonathan Kirsop

T:  +44 20 7809 2121 M:  +44 7554 403 022 Email Jonathan | Vcard Office:  London