The right to be forgotten enables an individual to request the deletion or removal of personal data whether there is no compelling reason for its continued processing. However, the European Court of Justice (ECJ) has decided that the right does not apply to personal data in a companies register.
An Italian company director believed that various properties in a tourist complex failed to sell because the companies’ register disclosed that his previous company had been declared insolvent and struck off the register. He applied to the Chamber of Commerce requiring it to anonymise or block data linking him to his previous liquidation and to pay damages. The ECJ was asked to consider whether member states may allow individuals to request that access to their personal data on the companies register is limited to a specified period of time following dissolution of a company.
The ECJ decided that the public disclosure requirements took precedence over the protection of personal data in the interests of promoting legal certainty and protecting third parties in relation to limited liability companies.
The High Court has found two ex-employees of a claimant (C) liable for breaching their duties of confidence, but has rejected C’s claim for substantial damages. Instead, C was awarded the nominal sum of £2.
C had sought damages of £15 million, based on breaches of duty in copying and retaining confidential files. Crucially, the case was not brought on the basis that the defendants’ misuse of confidential information had caused C to suffer any loss or resulted in the defendants making any financial gain.
In the case of one of the defendants, the copied files were never subsequently accessed or used. The other defendant had made limited use of a few files, but C had not sought a remedy for the use actually made.
This case provides a useful illustration of the court’s approach to damages in cases where liability and breach of duty can be swiftly established, but establishing a loss to the claimant or gain to the defendant is less clear-cut. The judgment highlights the importance of focusing a claim for damages on the realities of the situation, rather than hypothetical outcomes. It also demonstrates that, even in cases of clear wrongdoing, the court’s role is not to punish but to recognise loss suffered, or gains illegitimately made.
An English private health company has been fined £200,000 after its Indian subcontractor failed to keep fertility patients’ personal information secure.
An investigation was commenced in April 2015 when a patient found that transcripts including details from interviews with hospital patients could be freely accessed by searching online.
The investigation revealed the hospital had been routinely sending unencrypted audio records of the interviews by email to the Indian subcontractor. Details of private conversations between a doctor and various hospital patients wishing to undertake fertility treatment were transcribed in India and then sent back to the hospital. It was found that the Indian company could not restrict access to the personal information because it stored audio files and transcripts using an unsecure server.
The English company was fined as it had breached the Data Protection Act 1998 by failing to ensure that its sub-contractor acted responsibly in compliance with the Data Protection Act.
This case shows the importance of ensuring that appropriate subcontracts are in place and enforced. If you feel your subcontracts might need checking, I would be happy to help.
Please drop me an email or give me a call.
The IP Enterprise Court has decided that certain sales of clothing branded with the registered trade mark “VEUVE CLICQUOT” were not covered by the scope of consents from the trade mark owners to the use of the marks.
The sales by the defendants therefore amounted to trade mark infringement and passing off. There were a number of defendants and the court said they were all liable.
The court awarded the trade mark owners £125,000 in damages and granted an injunction to prevent further infringement and passing off.
This case demonstrates the importance of ensuring that your licences to use intellectual property are wide enough for the needs of your business, and the necessity to stay within the remits of those licences.
If you need any advice on such issues, please email Karen.Mason@Novalex.co.uk
The European Commission has published a communication on online platforms and the digital single market. The communication outlines a targeted, principles-based approach to fix problems flagged by respondents to the Commission’s September 2015 consultation on online platforms.
The key principles the Commission has applied are:
- that it should create a level playing field so that comparable digital services are subject to the same or similar rules;
- ensure that online platforms act responsibly;
- foster transparency and fairness to maintain user trust and safeguard innovation; and
- keep markets open and non-discriminatory.
The Commission is encouraging online platforms to undertake coordinated EU-wide self-regulatory efforts to curtail exposure to illegal and harmful content. The Commission says that it will consider whether to provide guidance for online platforms on their liability when putting in place voluntary, good-faith measures to fight illegal content online, since some online platforms had expressed concern about how the exemptions in the E-Commerce Directive would apply in such cases.
Other actions include taking steps to deal with ensuring that online ratings and reviews are trustworthy and that online platforms do not mislead consumers. In this regard, the Commission has published a revised Consumer Protection Cooperation Regulation and revised guidance on the Unfair Commercial Practices Directive.