Category Archives: Uncategorized

Company and director fined for failing to notify the ICO

A lead generation company, which pleaded guilty for failing to notify the Information Commissioner’s Office (ICO) under section 17 of the Data Protection Act, was fined £650, ordered to pay prosecution costs of £492.78 and £65 victim surcharge.

The company’s director also pleaded guilty to an offence under section 61 of the Data Protection Act (where the failure to notify is committed with the consent, connivance or neglect of a senior officer of the company) and was fined £534, ordered to pay £489.08 prosecution costs and £53 victim surcharge.

Notification is a straightforward process which can be done online at https://ico.org.uk/for-organisations/register/

Google Glass concerns

Larry Page, CEO of Google, will receive a letter from national data protection authorities asking him to answer questions about Google Glass, the internet-connected glasses currently in beta testing but not yet available to the general public. Data protection authorities are disappointed that Google has not spoken to them during the development of the product. The letter asks what data Google intends to collect, who it will be shared with, whether risk assessments have been carried out, what will be the privacy safeguards and how will social and ethical issues be addressed.

Deletion enforced

Google has been issued with an enforcement notice by the Information Commissioner’s Office requiring it to delete personal data collected in the UK by Street View vehicles and held on vehicle disks. The Street View investigation was reopened following a US report. This showed that data from networks had been collected without consent by software deliberately written by an engineer, though there was insufficient evidence to show Google’s intentions at corporate level. Failure to delete that data in breach of the undertakings to do so constitutes a breach of data protection principles which prohibits personal data being kept for longer than is necessary.

DPA failure breaches contract

A court in Scotland has decided that a breach of the Data Protection Act constituted a material breach of express terms in a

contract, entitling the other party to terminate. The court ruled that “any breach of a material term” meant any material breach, or possibly any repudiatory breach, though this did not mean that any breach would justify termination. In this particular case the breach impaired the ability of one party to perform an important part of the contract. The decision is a reminder of the importance of including in contracts an obligation to comply with all laws, specifying laws such as the Data Protection Act where particularly relevant, and the need to include suitable warranties and indemnities that personal data is being processed lawfully.

No to the third dimension

Nestlé has failed to register a three-dimensional trade mark in the form of its four-fingered KIT KAT bar for chocolate and other goods. The hearing officer upheld Cadbury’s opposition that the mark was not registrable (except in relation to cakes and pastries) as the shape of the goods was necessary to obtain a technical result. The presence and depth of the grooves was necessary to enable it to break (a technical result) and the other recognisable features of the shape resulted from the very nature of a moulded chocolate bar. None of the essential features of the shape were arbitrary, decorative or imaginative and the mark was devoid of distinctive character as the shape was within the norm or a mere variant of the common shapes for chocolate bars and biscuits. Nestlé’s argument that the mark had acquired distinctiveness also failed. While Nestlé had shown recognition of the mark amongst a significant proportion of the relevant public for chocolate confectionery, it had not shown that they had come to rely on the shape to identify the origin.