Vidal-Hall v Google in the Supreme Court

Following the landmark judgment earlier in 2015, Google has applied for permission to appeal to the Supreme Court. The April judgment decided that an individual is entitled to damages for distress without being required to show loss and may open the floodgates to compensation claims following data breaches. The Supreme Court’s judgment on the application is awaited.

Google victory in first ‘right to be forgotten case’

Finland’s Data Protection Ombudsman has ruled this week that Google was not obliged to remove search results relating to the complainant. He argued that information about his previous debt collection business is no longer relevant but the Ombudsman rejected his argument as he is still involved in such activities. The request came following 2014’s landmark ‘right to be forgotten’ ruling which established that individuals can ask search engines to remove irrelevant, misleading or dated information about them.

National Security Agency spying illegal

A US federal court ruled the NSA’s spying programme illegal last Thursday. The programme which systematically collects millions of phone records in anti-terrorism measures was deemed inconsistent with the Patriot Act which was designed to improve security controls after 9/11. As some of the provisions of the act are due to expire on 1 June, Circuit Judge Lynch held that Congress should now decide on the degree of appropriate surveillance in light of the national security concerns. This is already being considered in the House which approved the Bipartisan Bill on Wednesday, prohibiting the NSA from collecting bulk data from calls made by Americans.

US employee dismissed for removing tracking app sues employer

A US employee fired on 5 May is bringing an action against her employer for invasion of privacy. It is alleged that her deletion of an app which tracked her movements resulted in the dismissal. Employees of Intermex were required to download app Xora which allows employers “to see the location of every mobile worker on a Google Map”. The plaintiff is seeking damages of over USD 500,000 for loss of earnings.

Court rule in favour of Internet service provider in privacy case

A US Court has ruled that Birch, an Internet Service Provider, is not required to divulge customer information to Rightscorp, (a firm representing copyrights holders). Rightscorp tried to use the Digital Millennium Copyright Act to gain access to Birch’s customer information to identify customers who had infringed the copyright of their clients. The court agreed with Birch’s argument that it was not legally required to open its files to private litigants.

Criminal app developers arrested in the US

Two men who developed an app which allows criminals to gather personal information from photo-sharing site Photobucket have been arrested in the US on indictments of computer fraud. The app allowed users to access private photos in passwordprotected accounts although the full extent of the breach is not yet known. The pair face a maximum penalty of five years in prison and a fine of USD 250,000.

Singapore companies to receive data protection legal advice

Singapore’s data protection authority announced this week that they are to launch a low-cost legal advice scheme to help companies comply with the Personal Data Protection Act. It also published two guides relating to cyber security and data breaches in recognition of the fact that “Personal data protection and cyber security are key factors to the success of Singapore’s smart nation vision,”. The advice scheme will benefit small and medium enterprises with limited legal resources.

Russia to implement stringent new data laws

Russia has this week announced new restrictions on data processing in force from 1 September. They pose significant challenges for international businesses as they govern the processing of personal data of Russian citizens outside of the country. They demonstrate Russia’s intention to assert control over the data of its citizens but present difficulties as they do not provide definitive guidance around the treatment of Russian’s data overseas or data of foreign nationals collected in Russia.