Galloway v Frazer & Others – A Glimpse To The Future Of Data Protection Litigation

RS
Reed Smith (Worldwide)

Contributor

Reed Smith (Worldwide) logo
Reed Smith is a dynamic international law firm helping clients move their businesses forward. By delivering smart, creative legal services, we enrich clients' experiences with us and support achievement of their business goals. Our longstanding relationships and collaborative structure enable the speedy resolution of complex disputes, transactions, and regulatory matters.
The claims relate to three videos uploaded to Google's YouTube platform by William Frazer. It was claimed that these videos had been uploaded unlawfully.
United Kingdom Privacy

On 27 January, the High Court of Northern Ireland granted British MP George Galloway leave to serve proceedings on Google Inc. out of the jurisdiction. The application was based on a variety of claims including libel, harassment, misuse of private information, and unlawful data processing under the Data Protection Act 1998 (the Act).

The claims relate to three videos uploaded to Google's YouTube platform by William Frazer. It was claimed that these videos had been uploaded unlawfully. The court stated that there could be no doubt that one of the three videos contained sensitive personal data, but that the question of whether Google was a data processor or data controller would be a "fact specific investigation" which would have to wait until full trial. The view was expressed in the judgment that "[T]he facts as presently put before the court would suggest that Google will not find it easy to defend this claim if it is found to be a data controller."

This aspect of the judgment highlights a major change to the existing data protection regime which will be brought about by the General Data Protection Regulation (GDPR) once in full force in May 2018. Whereas data subjects can currently only bring an action against data controllers under section 13 of the Act, the GDPR will grant data subjects the right to "an effective judicial remedy" for infringements of their rights under the GDPR which may be exercised against both controllers and processors. Processors may be liable for damage caused by processing which does not comply with the obligations specific to processors under the GDPR, or where they process personal data contrary to the instructions of a controller.

While much speculation has abounded over the ways that Data Protection Authorities may wield their increased enforcement powers, a key risk that organisations should consider is the potential consequences of a court action brought by an aggrieved data subject. To begin to guard against this risk, both controllers and processors should take steps such as reviewing processing agreements to ensure that instructions are drafted in an appropriate amount of detail.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More