UK Data Protection Update - January 2015

20 January 2015

Highlights in the period include guidance from the Article 29 Working Party on its approach to the Google Spain right to be forgotten case and 4 interesting data protection cases. We have provided a speed-read of the relevant cases below.

Finally, as the New Year brings in more negotiations on the draft General Data Protection Regulation, we have also included a 'stock take' on the progress made on the Regulation and what remains to be done.

With best wishes for a great 2015,

The Bird& Bird data protection team

Case law speed-read

A new CJEU data protection case, the Frantisek Rynes case on cctv. The European Court concluded that domestic cctv surveillance is not a 'purely personal or household activity'; that the exemption should be narrowly interpreted and is intended to cover matters such as maintenance of an address book or correspondence. The case is likely to require the ICO to re-issue its own guidance on cctv and its very recent guidance on drones (see later in this update). In this case, Mr Rynes had installed cctv to protect the front of his property. Through this he captured images of two individuals who broke windows in his home. The Czech data protection authority had brought proceedings against Mr Rynes for breaching the Czech Act for not having registered his processing and having failed to notify and obtain consent from the individuals whose images were captured via cctv.

In the UK, we have 3 interesting cases.

In Amber UPVC, the First Tier Tribunal upheld a monetary penalty awarded by the Information Commissioner in relation to tele-marketing calls. Earlier in 2014, the Upper Tribunal had held that unwanted marketing calls may cause annoyance or irritation- but that this did not satisfy the threshold for imposition of a monetary penalty. In Amber UPVC, the Tribunal managed to distinguish the earlier case, arguing it was limited to the way that case had been brought. The decision will have been a welcome Christmas present for ICO in its battle against intrustive tele-marketing campaigns.

Trushin v The National Crime Agency: a case relating to the crime prevention and detection exemption under the Act. Mr Trushin argued that the NCA's release of information about him to Russian agencies, via an Interpol request, breached the Data Protection Act. The NCA attempted to strike out this claim. Mr Justice Foskett rejected this application, noting that the crime prevention exemption is 'complex'. We will watch for the full trial, for detailed consideration of the crime prevention exemption.

Grace & another v Black Horse Limited: a Court of Appeal case dealing with reporting of non-payment of debts to credit reference agencies (holding that unenforceable debts should not be reported).

View the full update (PDF) >>