Misuse of private information

03Nov

GDPR engagement of 30+ additional jurisdictions – automated pleadings

Abstract: (1) The GDPR arguably, either directly or indirectly, could engage in a relatively straightforward fashion circa 30 jurisdictions apart from EU and EEA nations; plus some special jurisdictions such as places in northwest Africa, as implied by the Polisario jurisprudence. Pleadings for several such jurisdictional scenarios are explained. (2) My post on Brexit-proofing software contained an example of how jurisdictions might be embedded into a legal architecture artefact. That same example is reused to demonstrate how such pleadings can be...

By Article 3 Engagement, Brexit-proofing, Data breach, Domicile, GDPR, IT Implementation, Jurisdiction, Legal Architecture, Location, Misuse of private information, Monitoring, Nationalities, Profiling, Public international law, Remedies, Residence1 Comment
Read more...
26Oct

“Data Breaches… Armageddon…” – as announced by the Three Horsemen

"Data breaches... Armageddon..." - Morrisons v Various Claimants, [2018] EWCA Civ 2339 at para 78. Caveat: I confess at the outset that this quotation, though technically accurate, fails truly to reflect the tenor of the Court of Appeal's judgment. But are the consequences for employers so different? Not so clear. Bear with me while I try to dig myself out of this hole. To recapitulate, circa 100,000 employees of Morrisons (a UK supermarket chain) suffered a data breach when one of their...

By Damages, Data breach, Data Protection Act 1998, Distress, GDPR, Misuse of private information, Vicarious liability0 Comments
Read more...
03Apr

GDPR, IP addresses, and classification – theory and practice

IP addresses can determine jurisdiction - as classically exploited by private and public surveillance agencies, BigTech, other data brokers,  and just about any web site owner. This is well known. As is the fact that such tracking information is key to everyone's commercial efforts to destroy net neutrality and undermine the web. But what does this mean for GDPR compliance? Can it be exploited for classifying individuals' jurisdiction? Should it? What are the pros and cons? Theory (law) I note in passing...

By Automated decision-making, DPIA, GDPR, Misuse of private information, Monitoring, Profiling3 Comments
Read more...
25Feb

Data protection damages awards for distress in the UK jurisdictions up 5,000% pre-GDPR?

Masochists, who ipso facto and ex officio collectively may approach 100% of my audience, will be aware of my flogging Vidal-Hall v Google (lower court judgment) to death on Linkedin and elsewhere. However, after 37 months it may be time for a quick overview of Vidal-Hall's impact on subsequent cases. The contagion has just spread to Scotland. Bottom line: data protection distress awards in England/Wales and Scotland alike are up by circa 4-5,000% in three years. Before Tugendhat J struck down s.13(2) Data Protection Act 1998 in Vidal-Hall, courts could only...

By Damages, Data Protection Act 1998, Distress, Misuse of private information0 Comments
Read more...