May 24, 2022
The UK Information Commissioner has imposed a significant fine of £7,552,800 on Clearview AI for illegally collecting personal data of UK residents. The facial images of UK residents were scraped from the internet and fed into Clearview’s database where, with the aide of artificial intelligence, it could use that data to identify those people and monitor them.
Clearview AI continues to maintain that it has done nothing wrong, saying that its technology and intentions have been “misinterpreted.” and claimed that Clearview AI is not subject to the ICO’s jurisdiction.
Clearview has already been the subject of act ion by other regulators. In March 2022 the Italian data protection agency fined Clearview €20 million penalty for breaches of EU law. In December last year France’s data watchdog, CNIL,found that Clearview had committed two breaches of the the GDPR. Similarly in February 2021 Canadian privacy commissioners stated that Clearview violated Canadian Privacy laws . In the United States Cook County, effectively Chicago, and Clearview entered into agreement in settlement of a suit whereby Clearview has agreed to stop providing its technology to most private clients and doing business in Illinois.
The use of facial recognition technology by police, is belatedly being scrutinised Read the rest of this entry »
Posted in Legal, Privacy, UK case law, UK Information Commissioner's Office
|
Post a comment »
March 4, 2019
Mr Justice Warby in Linklaters LLP Linklaters Business Services Intended Claimants v Frank Mellish [2019] EWHC 177 (QB) considered an application for injunctive relief regarding a breach of confidence action. The information was sensitive but not commercially sensitive in the strict sense of the word. The decision does demonstrate the relative flexibility of the principles applied to more unusual fact situations.
FACTS
The claimants are:
- the multi-national law firm Linklaters; and
- the company through which Linklaters employed its UK-based employees (“LBS”).
Read the rest of this entry »
Posted in UK case law
|
Post a comment »
September 29, 2016
Yesterday in Pippa Middleton & anor v Person Unknown or Persons Unknown [2016] EWHC 2354 (QB) Mrs Justice Whippie continued an injunction made on 24 September 2016 prohibiting the publication of photographs hacked from Pippa Middleton’s iCloud account. The media reports that Read the rest of this entry »
Posted in Privacy, UK case law, UK High Court
|
1 Comment »
February 13, 2014
Anyone who has been part of a big organisation when it moves to new premises knows how complex and difficult it can be. Not only does each worker’s files have to be secured and furniture and computer equipment marked but the organisations myriad other stores of documents, records not to mention the more prosaic items from the tea room and the bosses drinks cabinet have to be marked, packed, moved and unpacked in vaguely the right place in the new premises. Things can go awry when the planning is defective and the execution is sloppy. As the Compensation Agency Northern Ireland (“CANI”), an administrative unit of the Department of Justice, discovered when it lost control of a mass of sensitive files left in a filing cabinet which it had sold at auction. Net effect was a £185,000 monetary penalty notice issued by the Information Commissioner’s Office on 14 January 2014 (found here).
FACTS
CANI moved offices from Royston House in February 2012. It decided to sell any marketable furniture surplus to requirements at auction [4]. A locked four drawer filing cabinet was then taken out of storage in Royston House, without its contents being checked, sent to a shared storage room used by CANI to temporarily store all kinds of office furniture prior to its disposal. It was provided to a local auctioneer for a valuation, again without checking its contents. Apparently the key to the filing cabinet had been mislaid [5]. On 12 March 2012 it was transported to the local auction and sold to a buyer. The buyer then forced the lock and discovered that it contained official looking papers dating from the mid 1970’s to 2005. The Police were called who took possession of the papers and returned them to CANI [6].
The official papers contained
- a limited amount of confidential, ministerial advice; and
Posted in General, Privacy, UK case law
|
Post a comment »
October 22, 2013
The UK Information Commissioner has served the Ministry of Justice with a £140,000 monetary penalty after a data breach involving it sending details of all prisoners serving at a Cardiff prison to three of the inmate’s families.
The ICO press release (found here) provides:
MoJ fined £140k following serious data breach
The Information Commissioner’s Office (ICO) has served the Ministry of Justice (MoJ) with a monetary penalty of £140,000 after a serious data breach Read the rest of this entry »
Posted in Privacy, UK case law
|
Post a comment »
September 20, 2013
As the ALRC (further) inquiry proceeds on at a relatively relaxed pace on whether there should or should not be a statutory right to privacy and if so what form it should take the UK jurisprudence has developed to the point where there are established principles governing the grant of injunction on privacy related matters. The grant of super injunctions caused considerable controversy and disquiet in the media. More importantly there was concern about their efficacy and enforcement. The process has been amended signficiantly and the Court has been more restrained in its use. The use of privacy injunctions are now more effective and less controversial.
Notable featurs of the report are that there were
- six proceedings in which the High Court in London considered an application for a new interim injunction prohibiting Read the rest of this entry »
Posted in Privacy, UK case law
|
Post a comment »
August 9, 2013
The Information Commissioner’s Office has served the Bank of Scotland with a monetary penalty for wrongly and repeatedly faxing personal information, to unintended recipients.
The penalty notice relevantly provides (found here):
Bank of Scotland pic is the data controller, as defined in section 1(1) of the Data Protection Act 1998 (the “Act”), in respect of the processing of personal data carried on by Bank of Scotland pie and is referred to in this notice as the “data controller”. Section 4(4) of the Act provides that, subject to section 27(1) of the Act, it is the duty of a data controller to comply with the data protection principles in relation to all personal data in respect of which it is the data controller.
The Act came into force on 1 March 2000 and repealed the Data Protection Act 1984 (the “1984 Act”). By virtue of section 6(1) of the Act, the office of the Data Protection Registrar originally established by section 3(1) (a) of the 1984 Act became known as the Data Protection Commissioner. From 30 January 2001, by virtue of section 18(1) of the Freedom of Information Act 2000 the Data Protection Commissioner became known instead as the Information Commissioner (the “Commissioner”).
Posted in General, Privacy, UK case law
|
Post a comment »
February 22, 2013
On 12 February the ICO issued the Nursery and Midwifery Council a £150,000 fine for breaching the data Protection Act.
The council lost three DVDs related to a nurse’s misconduct hearing, which contained confidential personal information and evidence from two vulnerable children. The ICO found the information was not encrypted.
According to the ICO press release David Smith, Deputy Commissioner and Director of Data Protection, said:
“It would be nice to think that data breaches of this type are rare, but we’re seeing incidents of personal data being mishandled again and again.
While many organisations are aware of the need to keep sensitive paper records secure, they forget Read the rest of this entry »
Posted in Privacy, UK case law
|
Post a comment »
January 19, 2013
On 17 January 2013 Mr Justice Briggs, sitting in the High Court Chancery Division, published his reasons in RocknRoll v News Group Newspapers Ltd granting an interim injunction restraining News Group Newspaper from publishing photographs of Edward RocknRoll (the “claimant”). See my post on the reportage here.
FACTS
In July 2010 the claimant attended a private fancy dress party to celebrate the 21st birthday of his then wife’s sister at her parent’s private estate [1]. Another guest at the party took photographs of the claimant (“the Photographs”), some of which showed him partly naked. The Photographs were posted on the photographer’s Facebook page where they could be viewed by his 1,500 “friends”, until subsequent changes to the Facebook settings resulted in them being made accessible to the general public (unbeknownst to the photographer). Since the Photographs were taken the claimant divorced his first wife and married Kate Winslet, an actress [2]. The Photographs came to the attention of the defendant at the beginning of January 2013 [3] and it:
“..wishes to publish the Photographs, together with a description of their contents, in the Sun newspaper, and notified the claimant of its intention to do so, albeit not the source of the Photographs… it intended to pixillate the part of any published photographs which showed the lower half of the Claimant’s body.”
DECISION
At [5] his Honour set out the general principles applicable in considering an application for injunctive relief against misuse of private information in the Read the rest of this entry »
Posted in Privacy, UK case law
|
Post a comment »