Privacy Law Monthly Round Up – September 2021

Headlines

Ben and Deborah Stokes’ privacy claim against The Sun for the highly intrusive article detailing traumatic events in the Stokes’ family past was settled on 30 August 2021, with the newspaper agreeing to publish an apology and pay substantial damages. Paul Wragg wrote about The Sun’s “nonsensical” defence for the Inforrm Blog, concluding that the only party spared the anguish of trial was the newspapers’ defence team.

Government and General legislative developments

The controversial Police, Crime, Sentencing and Courts Bill had its second reading in the House of Lords this month. The Bill is notorious for its proposed restrictions on peaceful protest, which critics have predicted will have a discriminatory impact and breach the rights to freedom of expression and assembly. Broadened police powers would also enable the extraction of more information from mobile phones.

The Age Appropriate Design Code (aka the “Children’s Code”) entered into force on 2 September 2021 following a one year transition period. The Children’s Code explains to businesses how the UK GDPR, Data Protection Act and Privacy and Electronic Communications Regulations apply to the design and delivery of Information Society Services (“ISS”) – i.e social media, educational and gaming platforms – apply to children. The Children’s Code is the first of its kind worldwide, and has been welcomed by many as a positive development for keeping children safe online. The 15 standards that the Code sets can be found here.

Sticking with child safety online, Home Secretary Priti Patel launched a Safety Tech Challenge fund at the G7 meeting start of this month. Five applicants will be awarded up to £85,000 each to develop new technologies that enable to detection of child sexual abuse material online, without breaking end-to-end encryption.

The UK Government has launched a public consultation on data protection legislation reform following Brexit entitled Data: A new direction. The consultation is open until 19 November. Following the end of the Brexit transition period, the UK’s data protection regime, which had derived from the EU framework, will be transposed into domestic law known as the UK GDPR. The Government is seeking to use this opportunity to make some changes to the current regime. The Hawtalk Blog discusses how some of these proposals are unethical and unsafe. Further discussion can be found on the Panopticon Blog and the Data Protection report

Data Privacy and Data Protection

Cressida Dick, the Metropolitan Police Commissioner, has accused tech giants of undermining terrorist prevention efforts by virtue of their focus on end-to-end encryption. Writing in The Telegraph on the twentieth anniversary of the 9/11 attacks, she said that it is “impossible in some cases” for the police to fulfil their role to protect the public. Given the pressure on tech giants to ensure users’ privacy, companies are unlikely to reshape their platforms to facilitate more extensive monitoring.

Apple has delayed its plan to scan its users’ iCloud images for child sexual abuse material. The proposed detection technology would compare images before they are uploaded to iCloud against unique “digital fingerprints” of known child pornographic material maintained by the National Centre for Missing and Exploited Children. The plan was criticised by privacy groups because it involved using an individual’s own device to check if they were potentially engaged in criminal activity.

Surveillance

The Metropolitan Police have invested £3 million into new facial recognition technologies (FRT) that will greatly increase surveillance capabilities in the capital. The expansion of the Met’s technology will enable it to process historic images from CCTV feeds, social media and other sources in order to track down suspects. Critics argue that such FRT encroaches on privacy by “turning back the clock to see who you are, where you’ve been, what you have done and with whom, over many months or even years.” There is also concern that FRT can exacerbate existing racial discrimination in the criminal justice system. The UK’s Surveillance Camera Commissioner (SCC), Professor Fraser Sampson, has acknowledged that some FRT “are so ethically fraught” that it may only be appropriate to carry them out under license in the future.

NGO’s

Big Brother Watch published an opinion piece warning that the imposition of vaccine passports could reorganise Britain into a two-tier, checkpoint society. The article responds to the Scottish Parliament’s vote in favour of vaccine passports earlier this month. Wales has since followed Scotland and announced mandatory vaccination and COVID status check schemes. The English government has not yet committed to such a regime. The ICO has emphasised that data protection laws will not stand in the way of mandatory vaccination and COVID status checks, but rather facilitate responsible sharing of personal data where it is necessary to protect public health. 

Privacy International has considered how data-intensive systems and surveillance infrastructure, developed by national and foreign actors, in Afghanistan as part of developmental and counter-terrorism measures will fare under the Taliban regime.

From the regulator

ICO

The ICO has announced two fines this month;

  • A total of £495,000 was imposed against We Buy Any Car, Saga, and Sports Direct for sending more than 354 million “frustrating and intrusive” nuisance messages between them. None of the companies had permission to send recipients marketing emails or texts, making their behaviour illegal;
  • The Glasgow-based company DialADeal Scotland Ltd was fined £150,000 for the making of more than 500,000 nuisance marketing calls to recipients who had not given their permission to receive them.

The ICO has also released a communiqué from a meeting on data protection and privacy held by the G7 authorities at the start of the month. The meeting is closely aligned with the Roadmap for Cooperation on Data Free Flow with Trust announced by G7 Digital and Technology Ministers on 28 April 2021.

IPSO

IPSO has published a number of privacy rulings and resolutions;

IMPRESS

There were no IMPRESS rulings relating to privacy this month.

Cases

The Inforrm Blog has published an article detailing the continued decline in privacy injunction applications in England and Wales for 2021. There were only three applications in the first six months of the year, down from ten in 2020. All three applications were successful. Only 4% of the new issued cases on the Media and Communications List related to misuse of private information or breach of privacy.

No judgements relating to privacy have been handed down this month.


Written by Colette Allen

Colette Allen has hosted “Newscast’” on The Media Law Podcast with Dr Thomas Bennett and Professor Paul Wragg since 2018. She has recently finished the BTC at The Inns of Court College of Advocacy and will be starting a MSc in the Social Sciences of the Internet at the University of Oxford in October 2021.

Tackling hate speech- Intersecting approaches and the Raheem Stirling case

The case of footballer Raheem Stirling provides an avenue into the oft-overlooked issue of hate speech prevention and deterrence. The adequacy of English law in tackling hate speech, a nuanced and increasingly difficult to isolate issue.  This is due to an instance of hate speech having the potential to cover a wide variety of legal actions and regulations. This in and of itself can be problematic; actions may not quite fit the scenario to which they apply or require careful adherence and scrutiny to ensure a just outcome. Continue reading

Citation: News: Specialist Media Barristers’ Chambers One Brick Court announces dissolution

Sad news indeed from the media law Bar, One Brick Court has announced its closure. Our best wishes are with members of Chambers and our greatest respect to its distinguished reputation over 130 years of practice.

Inforrm's Blog

One Brick Court, the long established set of specialist media law barristers has announced today that it is to dissolve, with effect from 24 June 2019. The set has explained that the dissolution is due to “recent unexpected departures and a retirement“.

View original post 248 more words

A brief introduction to the concept of privacy under English law – Part III

For context please see Part’s I and II of our analysis.

Eraser Picture

From the hallmark case of Campbell and the development of breach of privacy as an action, it is clear that the integration of privacy as a concept in English law is still in its formative years. In Part III we consider some of the significant cases post-Campbell to date, bringing into relief key issues and developments in privacy law, many of which are ongoing or merit further consideration by the courts. In particular, the broad nature of an individual’s reasonable expectation of privacy becomes clear (covering issues of children’s privacy and biometric data retention) and the degree to which this can be qualified against other rights is explored.

Continue reading

Imperfect solutions for access to justice -success fees are no longer recoverable in English defamation and privacy cases

On 29 November 2018, the Government published its response to the 2013 consultation on costs protection in defamation and privacy claims. In particular, the written statement by the Lord Chancellor and Secretary of State for Justice summarizes the amendments to costs provisions, raising access to justice concerns.

In short, the Government has decided to implement s.44 of the Legal Aid, Sentencing and Punishment of Offenders (LAPSO) Act 2012, making claimant lawyers success fees under conditional fee agreements (“CFAs”) unrecoverable from defendants in defamation and privacy cases commencing 6 April 2019. The consolation is that after-the-event insurance (“ATE”) fees remain recoverable. This article considers how these changes perpetuate imperfect solutions that harm access to justice.

Continue reading

A brief introduction to the concept of privacy under English law – Part II

In Part II we consider the legislative framework under English law which enshrined privacy and the recent development of the action for misuse of private information, underpinned by privacy as a value.

The right to privacy was codified into legislation at European Union level in the European Convention of Human Rights, which provides a higher level interpretive layer of guidance on the application of such rights. However, these provisions required integration into English law via legislation to be effective. In taking the lead from the European authorities Parliament passed the Human Rights Act 1998 (“HRA”) to achieve such harmonisation. Article 8 of the HRA addresses the right to a private life:

  1. Everyone has the right to respect for his private and family life, his home and his correspondence.
  2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

Continue reading

A brief introduction to the concept of privacy under English law – Part I

This article is meant to illustrate the development of the concept of privacy under English law, is by no means exhaustive and provides a general reference to key developments.

Many doctrines under English law form due to common law, also known as judge-made or case law, where a series of legal cases create and form doctrines or principles which underpin legal rights. Privacy emerged as a notion in common law in the 18th century, developing through cases, until it was legislated in the 20th century under the European Convention on Human Rights, which was integrated into English law by the Human Rights Act 1998. In Part I we explore the early common law cases which introduced the concept of privacy to English law.

Continue reading

A regulatory Trojan horse – decrypting calls for a Federal consumer privacy law in the United States

In a keynote speech before the European Parliament in Brussels on 24 October 2018, Tim Cook CEO of Apple called for the implementation of a Federal privacy law, praising the Parliament for its implementation of the General Data Protection Regulation (“GDPR”):

“We at Apple are in full support of a comprehensive Federal privacy law in the United States. There, and everywhere, it should be rooted in four essential rights: First, the right to have personal data minimized… Second, the right to knowledge… Third, the right to access… and fourth the right to security.”

Data-driven companies are painfully aware that they need to be seen to take consumer privacy seriously or risk alienating customers. However, they are also aware of the regulatory burden new laws would place on their operations. The result is a covert attempt to undermine state legislative efforts by pushing for superseding Federal privacy laws.

Phone photos 268 (2).jpg

Continue reading

The Privacy Perspective launches its Resources page!

TPP is delighted to announce to launch of our Resources pageblack-and-white-blackboard-business-356043.jpg

This page focuses on providing readers with a list of similar sites which provide insightful and topical commentary on privacy law and associated issues such as data privacy, media law, information law and cybersecurity. TPP reproduces these links with thanks and we hope visitors will find them useful.

We foresee this page growing along with our site and it will be updated on a monthly basis.

“Learning is a treasure which will follow its owner everywhere” – a Chinese proverb