On 5 December 2023, the UK Office of Communications (Ofcom) published for consultation its draft guidance on age assurance (and other Part 5 duties) for service providers publishing pornographic content on online services, along with an accompanying consultation paper. This is the second draft guidance document published by Ofcom since the Online Safety Act came into force.
Online Service Providers: Obligations Under The UK’s Online Safety Act 2023
The UK’s Online Safety Act (OSA) 2023, which became law on 26 October 2023, imposes extensive new obligations on certain types of online service providers, requiring them to protect their users by identifying, mitigating, and managing risks relating to illegal and harmful content. Due to its extraterritorial reach, the OSA is expected to regulate approximately 100,000 organisations worldwide.
Landmark Decision Handed Down on ICO’s Responsibilities in Handling Subject Access Requests
On 10 October 2023, the England and Wales Court of Appeal handed down its decision in Delo, R. (On the Application Of) v. The Information Commissioner , in which it upheld an earlier High Court ruling that the UK’s data protection regulator, the Information Commissioner’s Office (ICO), is not obliged to reach a definitive decision on the merits of each and every data subject access request (DSAR) complaint, but that it – instead – has broad discretion, which it found the ICO had exercised lawfully under the UK General Data Protection Regulation (GDPR) when responding to a DSAR complaint.
On the Record: On-Demand Events
Our On the Record Rapid-Fire Series provides insights and analysis on commercial and contractual disputes – and the issues that drive them. The series addresses a range of topics, including class actions, crypto, product litigation, and cross-border, life sciences and technology disputes. To keep up with all the changes in high-value and complex commercial and contractual disputes, subscribe to our updates below.
United Kingdom: Injunctive Relief Against Persons Unknown – The Ransomware Edition
On 11 July 2023, the English High Court handed down its decision on the claimant’s application in Armstrong Watson LLP v. Persons Unknown, granting judgment in default and final injunctive relief. Specifically, the court granted the claimant permanent injunctive relief against persons unknown – a group of unidentified hackers – for purposes of restraining the use and disclosure of confidential information that had been acquired by the hackers via a ransomware attack and to require deletion or delivery up of that information.
Irish Circuit Court Awards Damages for ‘Non-Material’ Harm Under GDPR
On 11 July 2023, the Circuit Court of Ireland awarded 2,000 euros in compensation to a plaintiff seeking ‘non-material damage’ under Article 82 of the General Data Protection Regulation, in what is believed to be the first case in the European Union to follow the recent Court of Justice of the European Union decision in the Österreichische Post case (Case C-300/21).We have written previously about the Österreichische Post case, in the blog post titled ‘European Court of Justice Clarifies Rules on Damages Compensation for GDPR Breaches’.In the Irish case of Arkadiusz Kaminski v Ballymaguire Foods Limited [2023] IECC 5, the court held that the plaintiff suffered non-material harm when the defendant, his employer, used CCTV footage of him, in which he was clearly identifiable, in a training session delivered to other employees.
New EU Class Actions Mechanisms to be Implemented by Christmas
New laws allowing groups of EU consumers to launch class actions against traders are to be implemented by 25 December 2022 and will apply from June next year. The EU’s Representative Actions Directive (EU) 2020/1828 represents a major overhaul of the European class actions landscape, introducing mechanisms for group litigation in every one of the EU’s 27 Member States, alongside a new cross-border mechanism for class actions.
So¦ A crisis has arisen? Don’t Panic!
A crisis can take many different forms. Depending upon the nature of the business in question, a crisis can mean a crippling cyber-attack, material fraudulent activity coming to light, a whistleblower raising serious allegations of impropriety, or something else entirely that is unique to the business.
Data Disputes: How the English Class Action Landscape is Shaping Up
The number of class actions brought in the UK is likely to grow considerably. In particular, we expect Claimant firms to continue making claims for misuse use of data where an issue affects a large number of individuals.