On 15 April 2019, the Supreme Court granted supermarket chain Morrisons permission to appeal against the Court of Appeal ruling that it was vicariously liable for its employee’s misuse of data in the first successful UK class action for a data breach. Permission was granted on all grounds of appeal and the Supreme Court will … Read more

The German competition authority, the Federal Cartel Office (“FCO“) last week announced the results of its investigation into Facebook for a novel abuse of dominance involving consent for its data collection. Whilst the full decision is not yet public, the FCO has published a background paper here. In short, the FCO found that Facebook had … Read more

The Court of Appeal has today dismissed an appeal against the High Court’s decision that Morrisons was vicariously liable for its employee’s misuse of data, despite: (i) Morrisons having done as much as it reasonably could to prevent the misuse; and (ii) the employee’s intention being to cause reputational or financial damage to Morrisons itself: … Read more

The Grand Chamber of the European Court of Human Rights’ (ECtHR) ruling in Barbulescu v Romania (61496/08) is a timely reminder of the limits of employers’ ability to monitor their employees’ private activity on work IT systems. The case concerned an employee’s personal use of a Yahoo Messenger account set up at the employer’s request … Read more

On 3 July 2017 the Information Commissioner’s Office (“ICO“) determined that the Royal Free NHS Foundation Trust (the “Trust“) had breached the Data Protection Act 1998 (the “Act”) when it provided patient details to Google’s DeepMind. The Trust provided personal data of approximately 1.6 million patients to Google’s Deep Mind as part of clinical safety … Read more