In Lloyd v Google, the Supreme Court comprehensively dismissed Mr Lloyd’s representative action against Google. The decision addressed two questions:
In Rolfe v VWV (yes, we claim credit for this success!) a claim for distress with no tangible harm or loss was given short shrift. The case is a reminder of how important it is to ensure a breach is remediated quickly – by contacting the incorrect recipient and ensuring the misaddressed email was destroyed, the defendants in this case saved themselves from the costs and nuisance of a full data breach claim.Which means, going forward, we can hope to see fewer claims following a data breach.
2021 saw a raft of proposals for post-Brexit data protection measures and reforms, including measures to:
Universities will welcome the plans to re-balance UK data protection law towards trade and innovation. However, the reforms are at an early stage and subject to consultation. It is unclear how they will find their way into UK data protection law. There is also the question of the UK’s adequacy status with the EU. Post-Brexit, the EU granted the UK adequacy status on the basis that the UK would remain aligned to EU data standards. If we depart too far from the EU data laws, we risk losing our adequacy status.
We can be sure that UK and EU institutions will be monitoring developments in this area with interest over the coming months and years.
A version of this article first appeared in University Business on 27 January 2022.