Category: Privacy

Closing off the Warren of Negligence Claims for Data Breaches

| No Comments
| Cyberlaw, Cyberlaw, Data Protection, Digital Rights, Privacy, Privacy, Tort

Data and Private Law bookcoverI have just published “Closing off the Warren of Negligence Claims for Data Breaches” in Damian Clifford, Kwan Ho Lau & Jeannie Marie Paterson (editors) Data and Private Law (Hart Studies in Private Law, Bloomsbury, 2023) chapter 10; pp161-174 (available via SSRN). Here is the abstract:

Large databases of personal data are increasingly vulnerable to hacks. Arising out of the biggest data breach in the United Kingdom’s history, the claimant in Warren v DSG Retail Ltd [2021] EWHC 2168 (QB) (30 July 2021) sought damages for distress for breach of data protection legislation, misuse of private information, and breach of a duty of care in negligence. Saini J dismissed the negligence claim because there is neither need nor warrant to impose such a duty of care where there exists a bespoke statutory regime. But this is an incoherent policy, inconsistently applied. Moreover, it ought not to operate at all in cases where the defendant has voluntarily assumed responsibility towards the claimant. Nevertheless, after Warren, the tort of negligence provides no incentive for the controllers of large databases to protect them.

The cover of the book is above, right. It is very elegant. And this is one time where you really can judge the book by its cover.…

Read More »

Identifiability in defamation, data protection, and privacy cases (updated)

| 4 Comments
| Defamation, Defamation, Privacy, Privacy

Martin Kenny TD (Sinn Fein)In an earlier post, I considered the settlement in Carey v Independent News & Media and the status of Bloomberg v ZXC [2022] AC 1158, [2022] UKSC 5 (16 February 2022) in Ireland. According to media reports this time last week, a case similar to Carey may very well be brewing:

Sinn Féin TD takes breach of privacy action against Mediahuis and state (Barry Whyte, Business Post, 24 September 2023)
Martin Kenny also suing the gardaí and the state over a series of articles published last year which did not name him.

Sinn Féin TD sues An Garda Síochána, Independent titles publisher and State (Colm Keena, Irish Times, 24 September 2023)
Martin Kenny is taking breach of privacy case arising from news report that did not name him or his party.

It seems that the articles in respect of which he is suing contain a quote from An Garda Síochána about an ongoing investigation into an alleged criminal offence, that they say that there was a connection to a politician who was a member of an unnamed party, and that they made it clear that there was no suggestion that this politician was being accused of any wrongdoing.…

Read More »

The settlement in Carey v Independent News & Media and the status of Bloomberg v ZXC in Ireland

| 3 Comments
| Privacy, Privacy

Pat Carey (2011) via FlickrAfter a long and distinguished career as a popular public servant, first as a councillor, then then as a TD, and finally as a Minister, Pat Carey (pictured left) is now a public affairs consultant. On 11 and 12 November 2015, the Irish Independent reported that a Garda investigation was under way into allegations of child sexual abuse against an un-named former Minister. He claimed that he was identifiable as the person concerned, and he felt he had no choice but to issue a statement denying the allegations. He was never arrested; and, after the Garda investigation had concluded, the Director of Public Prosecutions in 2019 informed him that no charges would be brought against him. Meanwhile, he commenced proceedings against various defendants, including the Garda Commissioner and the Irish Independent, for damages for invasion of privacy. When the case settled in Mr Carey’s favour earlier this month, there was much sympathetic coverage:

  • Former minister Pat Carey receives apology from Garda Commissioner and damages over newspaper articles (Irish Times, 16 June 2023)
  • Former minister Pat Carey to receive ‘substantial damages’ over Garda leak (Irish Independent, 16 June 2023)
  • Gardaí apologise to Pat Carey over leaks from 2015 investigation into unfounded allegations (TheJournal.ie,

Read More »

It’s good to TalkTalk – Part 2: negligence claims for data breaches

| No Comments
| Data Protection, Privacy, Privacy, Tort

It's still good to TalkTalk

1. Introduction

Two recent cases demonstrate two very different privacy issues arising out data breaches suffered by the telecommunications company TalkTalk in 2014 and 2015. Smith v TalkTalk Telecom Group plc [2022] EWHC 1311 (QB) (27 May 2022) concerned claims for damages for both breaches; whilst Sterritt v Telegraph Media Group Ltd [2022] NIQB 43 (09 June 2022) concerned the privacy of one of the hackers involved in the second breach. In my previous post, I looked at the limits of claims for misuse of private information for both breaches in Smith. In this post, I want to look at Smith (again) and at Sterritt, to consider the limits of a claim in negligence in such cases.

2. Negligence claims in Smith

The main problem in Smith is that TalkTalk did not take steps to secure the data involved in the 2014 breach and the 2015 hack. This sounds like a failure to take reasonable care. But a negligence claim in such circumstances was not pleaded, as it was probably precluded by authority.

In Swinney v Chief Constable of Northumbria Police Force [1997] QB 464, [1996] EWCA Civ 1322 (22 March 1996), the plaintiff saw a car which had hit and killed a police officer, and provided that information to the police.…

Read More »

It’s good to TalkTalk – Part 1: misuse of private information claims for data breaches

| 6 Comments
| Data Protection, Privacy, Privacy

It's good to TalkTalk

1. Introduction

Two recent cases demonstrate two very different privacy issues arising out data breaches suffered by the telecommunications company TalkTalk in 2014 and 2015. Smith v TalkTalk Telecom Group plc [2022] EWHC 1311 (QB) (27 May 2022) concerned claims for damages for both breaches; whilst Sterritt v Telegraph Media Group Ltd [2022] NIQB 43 (09 June 2022) concerned the privacy of one of the hackers involved in the second breach. In this post, I want to look at the limits of claims for misuse of private information for both breaches in Smith. In the next post, I will look at Smith (again) and at Sterritt, to consider the limits of a claim in negligence in such cases.


2. Smith and the 2014 TalkTalk breach: no misuse of private information

In Smith v TalkTalk Telecom Group plc [2022] EWHC 1311 (QB) (27 May 2022) (noted on Panopticon), in September 2014, TalkTalk customers began to receive scam calls purporting to be from TalkTalk, which were ultimately traced to data obtained by users of Wipro, a third party providing network services to TalkTalk. However, Wipro put no adequate controls in place to prevent unauthorised access by its users to the data supplied by TalkTalk.…

Read More »

Dystopia and dysaguria on the fourth birthday of the GDPR’s application

| No Comments
| Dysaguria, GDPR

Several years ago, a photo was widely shared on social media showing a CCTV camera outside 22 Portobello Road, George Orwell’s first London home. The image had been created by artist and photographer Steve Ullathorne, as part of his series Restyles of the Dead and Famous, in which he tweaked images of homes of the dead and famous. Here’s the dystopian image as shared:

CCTV outside Orwell's house

Read More »

Seán Quinn, the Streisand Effect, and improving the operation of the right to be forgotten – updated

| 5 Comments
| GDPR, Right to be Forgotten

Google search RtbF notice

I have just conducted a search on a popular search engine for “Seán Quinn”, and the above message – that Some results may have been removed under data protection law in Europe – appears at the bottom of each page of results. Over the past weekend, there was widespread media coverage of attempts by Seán Quinn to rely on the EU’s right to be forgotten to remove newspaper articles from search listings that highlighted significant aspects of his bankruptcy and of his family’s lavish pre-bankruptcy lifestyle. This attempt at reputation management backfired spectacularly on him, and stands as an example of the Streisand effect, which is:

… a phenomenon that occurs when an attempt to hide, remove, or censor information has the unintended consequence of increasing awareness of that information, often via the Internet. It is named after American singer Barbra Streisand, whose attempt to suppress the California Coastal Records Project photograph of her residence in Malibu, California, taken to document California coastal erosion, inadvertently drew greater attention to it in 2003.

On Saturday, in the Irish Independent, Shane Phelan published the following story:

Revealed: Quinn family succeeds in campaign to erase press coverage of lavish lifestyle

Google delists dozens of articles on court battles and even €100,000 wedding cake

Members of ex-billionaire Seán Quinn’s family have mounted a successful campaign to have press coverage about their past ‘forgotten’ by Google.

Read More »

GDPR and remote working, Ross O’Carroll Kelly-style

| 3 Comments
| GDPR

WFH Monitoring RO'CK; via Pixabay (modified)Ross O’Carroll-Kelly is the protagonist and narrator of many novels and a weekly satirical newspaper column in the Irish Times. He is a hugely self-confident South Dublin celtic tiger rugby cub who never grew up; his slightly dippy wife tolerates his legendary foibles and even-more-legendary indiscretions; and his terrible children take daily advantage of his boundless stupidity.

In last week’s column (audio here), he complained that his neighbour was power-washing the patio again, when he’s supposed to be working from home, but he gets away with it, because he gets his wife to move the cursor on his work laptop so it doesn’t go to sleep. Thanks to the pandemic, remote working is here to stay: in January of this year, the Government published its Making Remote Work – National Remote Working Strategy, “to ensure that remote working is a permanent feature in the Irish workplace in a way that maximises economic, social and environmental benefits”. It will create many benefits. For example, in this week’s column, Ross’s two eldest children, Ronan (Ro) (Ross’s illegitimate son, with many criminal connections) and Honor (Ross’s daughter-from-hell), go into the business of monitoring shirking remote-workers, without the need to microchip employees:

“So,” Honor goes, “a lot of you have, like, businesses, right?

Read More »

© cearta.ie 2025. Powered by WordPress