With a number of high-profile claims against Google in the offing, practitioners and individuals alike are hopeful for guidance on the interplay between the application of the ‘right to be forgotten’ principle and the forthcoming introduction of the General Data Protection Regulation (GDPR). Iain Wilson, managing partner of Brett Wilson LLP, considers the issues at hand.
According to official statistics published by the Ministry of Justice, there were, between July and December 2017, eight new applications for interim privacy injunctions, all of which were granted (available here). This was the highest number of successful new applications in a six-month period since 2012. Is the privacy injunction making a return?
Part 2 of the Leveson Inquiry (colloquially referred to as ‘Leveson 2’) which had been intended to address ‘the extent of unlawful or improper conduct within News International and other media organisations’ has been formally canned by the Government. Section 40 of the Crime and Courts Act 2013, which, had it ever come into force, would have made news publishers who were not subject to a Government-approved regulator, liable for the costs of defamation, privacy, and harassment claims, regardless of whether they won or lost, will now be repealed at the earliest opportunity.
In January 2014, Andrew Skelton, an apparently disgruntled employee of Morrisons Supermarket posted a file containing the personal data (including salaries, bank details, and National Insurance numbers) of 99,998 Morrisons’ employees on a file-sharing website. It seems his intention was to cause mass-scale damage to the supermarket. In March 2014, a CD containing the data was sent to three UK newspapers, one of whom alerted Morrisons. Chief among the company’s concerns was the possibility of the data being used to aid theft or identity theft from the staff concerned. They acted quickly to get the file removed from the Internet within a few hours.
The Prime Minister has indicated that the Law Commission will review legislation “to ensure that the criminal law, which was drafted long before the creation of social media platforms, is appropriate to meet the challenges posed by this new technology”. A new “social media code of practice”, providing guidelines for content and conduct and how companies report abuse is also proposed.
Miles Savory, the director of Accident Claims Handlers Ltd, has been convicted of breaching the Data Protection Act 1998 following a prosecution brought by the Information Commissioner’s Office (‘ICO’) for unlawfully obtaining the name and address of the owner of personalised number plates that he was seeking to purchase.
In GYH v Persons Unknown  EWHC 336, the claimant, a transgender woman who works as an escort, was granted an interim injunction to prevent, amongst other things, the publication of information which purported to relate to her private life.