Included in this issue: AG GDPR City Series November 2019; Landmark data breach ruling may open the compensation claim floodgates; European Court of Appeal confirms explicit consent is required for tracking cookies; and more...


AG GDPR City Series November 2019 – Sign Up Here!

With the first GDPR fine notices hitting the headlines and a new wave of public privacy awareness, the challenges for businesses continue. 

Come along to one of our data protection seminars in November to hear from experts on what lessons have been learnt since GDPR came into force and what's in store for UK data protection compliance.

Landmark data breach ruling may open the compensation claim floodgates 

The Court of Appeal has made a landmark data protection ruling which may open the compensation floodgates to data breach claims. 

The Court has ruled that claimants should be entitled to compensation even if the only personal data affected by a breach was their email address. The Court further stipulated that loss of personal information was sufficient grounds for a valid claim, and that there wasn't a requirement to prove loss or damage. 

In the case, the Court clarified that firms representing a fraction of the total of individuals affected by a major data breach could claim compensation for the whole group affected and distribute the funds out.  

European Court of Appeal confirms explicit consent is required for tracking cookies

The European Court of Appeal has ruled that internet users must actively and explicitly consent to being tracked by cookies. 

Judges in the case stated that on websites, pre-ticked checkboxes agreeing to tracking is not sufficient, instead boxes should be left empty allowing users to tick them if they wish, and tracking cookies should only be switched on once this box has been ticked.

The Court also ruled that service providers must fully inform users on how long the cookies would run for and whether third parties would have access to their data. 

The ruling largely aligns with the ICO's recent guidance on the use of cookies post-GDPR.

ICO raids business suspected of unlawful pension cold calls

The ICO has carried out a raid on business premises in Chichester as part of an investigation into suspected illegal pension cold calling. 

During the raid, computer equipment and documents were seized for analysis. 

Earlier in the year, the law surrounding nuisance calls related to pensions was changed, making it illegal in certain circumstances. 

ICO publishes guidance to help SMOs maintain data flows after Brexit

The ICO has published guidance to help small and medium sized organisations (SMOs) prepare for the possibility of a no-deal Brexit, urging them to "prepare for all scenarios" in order to maintain data flows.

The dedicated guidance builds on that previously published on data flows, but is more relevant and accessible to smaller organisations. 

For business supply chains to functions and in order for public authorities to deliver effective services, it is vital that the UK and EU member states are able to share customers', citizens' and employees personal data.

Key contacts

Ross McKenzie

Ross McKenzie

Partner, Commercial Services
Aberdeen, UK

View profile
Helena Brown

Helena Brown

Partner, Head of Data
Edinburgh, UK

View profile

For further information on the Data Protection team, please click here.

Our experts regularly produce a range of articles, legal publications and resources on a wide range of legal subjects and hot topics to help in-house teams anticipate and understand the implications of current and future legal developments which may impact their businesses.  The full listing of the updates available to you is available from our website.