A royal curveball – using the GDPR in privacy disputes

You don't expect to see Prince Harry and the GDPR in the same sentence, but it was reported this week that the Duke of Sussex has settled High Court claims against the paparazzi agency Splash News (Splash), in a case which was based partly on breaches of the GDPR. The Duke of Sussex brought claims against Splash in relation to photographs taken of a house that he was renting. Whilst details of the relevant legal arguments have not been released, Splash's apology statement noted that "[t]his matter concerns a claim for misuse of private information, breaches of The Duke's right to privacy under Article 8 ECHR and breaches of the General Data Protection Regulation and Data Protection Act 2018." Read more

GDPR fine in Poland gives important insight into the requirements of Article 14

Last week the Personal Data Protection Office (“UODO“) in Poland issued a €220,000 fine to a digital marketing company for breaching its obligations under Article 14 of the GDPR (i.e. to provide a privacy notice to individuals). The decision has some important practical implications for organisations, including that: the collection of publicly-available information from the … Read more

Cyberattack on German Public Figures Leads To One of Germany’s Largest Data Breaches

Last week, it was announced that during December 2018 almost one thousand German public figures, including journalists and a number of prominent politicians including the Chancellor and President, were the subject of one of Germany’s largest data breaches. The leaked data included contacts, private chats, credit card details and other financial details of figures from … Read more