January 2018

All human beings have three lives: public, private, and secret. ― Gabriel García Márquez
The European Union's Court of Justice decision in Google Spain v Agencia Española de Protección de Datos, Mario Costeja González ("Google Spain") confirmed the “right to be forgotten” for European citizens. This right is further enshrined in the upcoming General Data Protection Regulations (GDPR). Accordingly, European data protection law grants individuals a qualified right to have personal data relating to them removed from search engines. This right is however considered by some to be a uniquely European phenomena, which resulted from one unusual CJEU judgement. Now, two upcoming cases against Google will be the first time in which the "right to be forgotten" will be considered by the English Courts.  Two unnamed claimants, known only as NT1 and NT2, are bringing a companion case against Google to enforce their right to be forgotten. (NT1 v Google and NT2 v Google,  [2018] EWHC 67 (QB) (Rev 3))

Silent Witness is a BBC crime drama about a team of forensic pathology experts and their investigations into various crimes – it's a bit like American hit shows Bones and Law & Order. In a recent episode, a cyber hacker steals the files of 30,000 patients from a hospital, and then extorts the hospital for payment. As medical secrets are leaked, several murders are tied to the data breach. In addition to the criminal investigations, boardroom drama ensues when the hospital chief is questioned about the (apparently awful) cyber security firm he selected. It was at this point that I turned to my husband in disbelief and said, "where on Earth is the hospital's data protection officer!?" Of course, television dramas are entitled their artistic licence. I'm not sure data protection officers make for enthralling plot devices, if I'm honest. But shows like this demonstrate just how mainstream data breaches, cyber security and hacking personal data have become. In fact, many non-lawyers are now familiar with at least some concept of data protection legislation. With just four months to go until the new General Data Protection Regulations ("GDPR") come into effect and replace the Data Protection Act 1998, here is a reminder as to when a private organisation is required by law to have a data protection officer ("DPO").

The UK's Digital Economy Act 2017 is to be amended by the Breaching Limits on Ticket Sales Regulations, which will criminalise use of internet bots to bypass limits on ticket purchases set by event organisers. 
In practice, the problem is not necessarily how the tickets are purchased - by bots or otherwise - but rather, the crazy prices fans are forced to pay on the secondary market. When tickets first go on sale for an event, they hit the primary market. If somebody resells their ticket, they do so on the secondary market. This secondary market is estimated to be worth more than £1bn ($1.4b) per year in the UK alone. When resales are done on a large scale or for considerable profit, it's known as "touting" or "scalping". Touting in the digital age.  "Bots" are software applications that run automated tasks (scripts) over the internet, used for years to quickly buy up thousands of tickets at lightening speed. By way of example, American company Prestige Entertainment is alleged to have bought over 300,000 tickets in a two-year period. This included 30,000 Hamilton Tickets and, in another instance, bought over 1,000 tickets to a U2 concert in less than one minute (see Ticketmaster v Prestige Entertainment, case 2:2017cv07232). High and dry.  When ticket supply is drastically limited, the bot masters ("power sellers") can resell the bot-obtained tickets to fans at high mark-ups. Tickets for Radiohead's 2016 show had a face value of £65, but were placed on Viagogo for £3,934. A ticket for Adele's concert in London was listed on Get Me In! for an eye-watering £24,840.

Before I started law school, I spoke to a lawyer at Universal Music about licensing, copyright, and other fascets of law pertaining to the music industry. Since becoming a lawyer myself, I'm even more fascinated by the ways in which commercial contracts, digital strategy, artists' rights and expression interact with and shape each other: Facebook's new global, multi-year agreements with Universal and Sony Music are perfect examples of such dynamism. Facebook first inked a deal with Universal Music in late December 2017. The deal with Sony,  the largest music publisher in the world, was announced on 9 January. These deals allow Facebook and Instagram users to upload homemade video clips containing songs owned by Universal or Sony, without generating a takedown notice.

I'm excited to announce that for the next six months, I'll be an intern blogger for the 1709 Blog - a website dedicated to all things copyright. If you are familiar with IPKat, you may recognise CopyKat posts. I should be writing at least once or twice