• Contact Us

Data Protection - What's New and Upcoming? February 2022 Roundup

on Tuesday, 22 February 2022.

Latest Data Protection Blogs

ICO Issues New Guidance Following School Reprimand - Is Your School in Compliance with Data Protection Law?

Artificial Intelligence and Data Protection - Navigating UK GDPR Compliance

Responding to a Subject Access Request? Don't Forget the Supplementary Information…

Data Protection Concerns Surrounding Attendance Data

Key Recent Developments in Data Protection - What Do In-house Lawyers Need to Know?

Over recent years the public has become more aware of data protection rights, and we have seen increased claims for damages. However, two recent cases indicate that, despite the rise in data breach claims, the courts will take a pragmatic approach.

An Overview of Two Recent Cases

In Lloyd v Google, the Supreme Court comprehensively dismissed Mr Lloyd’s representative action against Google. The decision addressed two questions:

  • If compensation for 'loss of control' could be awarded under the old Data Protection Act 1998 without evidence of damage or distress. The answer? No! Interpreting 'damage' to include a pure 'loss of control' claim was untenable.
  •  If a representative action was a suitable vehicle for data breach claims. The Court was broadly encouraging of representative actions for seeking declaratory relief to questions of liability and in the pursuit of damages where uniform per claimant damages are sought but not in cases where an individualised assessment of damages is required.

In Rolfe v VWV (yes, we claim credit for this success!) a claim for distress with no tangible harm or loss was given short shrift. The case is a reminder of how important it is to ensure a breach is remediated quickly – by contacting the incorrect recipient and ensuring the misaddressed email was destroyed, the defendants in this case saved themselves from the costs and nuisance of a full data breach claim.Which means, going forward, we can hope to see fewer claims following a data breach.

Data Protection Post-Brexit

2021 saw a raft of proposals for post-Brexit data protection measures and reforms, including measures to:

  • reduce barriers to innovation in AI/machine learning and scientific research
  • change the thresholds for data subject access requests
  • boost trade by reducing barriers to data flows
  • deliver better public services
  • reform the UK ICO.

What Does This Mean for UK Data Protection Going Forward?

Universities will welcome the plans to re-balance UK data protection law towards trade and innovation. However, the reforms are at an early stage and subject to consultation. It is unclear how they will find their way into UK data protection law. There is also the question of the UK’s adequacy status with the EU. Post-Brexit, the EU granted the UK adequacy status on the basis that the UK would remain aligned to EU data standards. If we depart too far from the EU data laws, we risk losing our adequacy status.

We can be sure that UK and EU institutions will be monitoring developments in this area with interest over the coming months and years.

A version of this article first appeared in University Business on 27 January 2022.

For further information on data protection please contact a member of our Information Law Team, or complete the form below.

Get in Touch

First name(*)
Please enter your first name.

Last name(*)
Invalid Input

Email address(*)
Please enter a valid email address

Telephone
Please insert your telephone number.

How would you like us to contact you?

Invalid Input

How can we help you?(*)
Please limit text to alphanumeric and the following special characters: £.%,'"?!£$%^&*()_-=+:;@#`

See our privacy page to find out how we use and protect your data.

Invalid Input