Google prepares for the first “Right to Be Forgotten” trials in England

All human beings have three lives: public, private, and secret.
― Gabriel García Márquez

The European Union’s Court of Justice decision in Google Spain v Agencia Española de Protección de Datos, Mario Costeja González (“Google Spain”) confirmed the “right to be forgotten” for European citizens. This right is further enshrined in the upcoming General Data Protection Regulations (GDPR). Accordingly, European data protection law grants individuals a qualified right to have personal data relating to them removed from search engines.

This right is however considered by some to be a uniquely European phenomena, which resulted from one unusual CJEU judgement. Now, two upcoming cases against Google will be the first time in which the “right to be forgotten” will be considered by the English Courts. 

Two unnamed claimants, known only as NT1 and NT2, are bringing a companion case against Google to enforce their right to be forgotten. (NT1 v Google and NT2 v Google,  [2018] EWHC 67 (QB) (Rev 3))

Silent Witness: silent on data protection officers

Silent Witness is a BBC crime drama about a team of forensic pathology experts and their investigations into various crimes – it’s a bit like American hit shows Bones and Law & Order. In a recent episode, a cyber hacker steals the files of 30,000 patients from a hospital, and then extorts the hospital for payment. As medical secrets are leaked, several murders are tied to the data breach.

In addition to the criminal investigations, boardroom drama ensues when the hospital chief is questioned about the (apparently awful) cyber security firm he selected. It was at this point that I turned to my husband in disbelief and said, “where on Earth is the hospital’s data protection officer!?”

Of course, television dramas are entitled their artistic licence. I’m not sure data protection officers make for enthralling plot devices, if I’m honest. But shows like this demonstrate just how mainstream data breaches, cyber security and hacking personal data have become. In fact, many non-lawyers are now familiar with at least some concept of data protection legislation.

With just four months to go until the new General Data Protection Regulations (“GDPR”) come into effect and replace the Data Protection Act 1998, here is a reminder as to when a private organisation is required by law to have a data protection officer (“DPO”).

A Soundtrack for Data Security

So much of the explosion in innovation in the music industry is around technological processes. But artists still need to focus on their art. To do so, they need to surround themselves with tech-savvy people. And hire a good lawyer.
– Gigi Johnson, Director of the Center for Music Innovation, University of California Los Angeles

Privacy policies are painful to read, not least because they’re very technical, boring, and long. According to a recent study, if the average person read every privacy policy for each website they visited in a given year, it would take approximately 244 hours, or 40 minutes each and every day. In spite of this, privacy policies have begun to attract mainstream attention.

photo Doran Hannes (500px)

Cyber security gets Hollywood makeover

Hacking is a major issue for many industries – but Hollywood is an especially tempting target. The new Entertainment Security Operations Center in Los Angeles hopes to provide a secure system for studios to control their valuable creative content.

HBO, Sony Pictures, and Netflix have all been hacked in major security breaches. In addition to embarrassing information being made public and loss of consumer confidence, infiltration can cost a film or television company big bucks. According to a Carnegie Mellon University study, films leaked online before official release can lose nearly 20% of their box office revenue. Furthermore, paid subscriptions for Netflix or HBO become less appealing to viewers if they can simply watch their favourite shows elsewhere for free.

Why is Hollywood so poorly equipped to safeguard itself from data breaches? Outsourcing may be partially to blame. Special effects, musical scores, set engineering, and technicians are often provided by independent contractors and freelancers. While workers could be brought in-house, doing so would be expensive and limit flexibility when sourcing the best talent. Unfortunately, many of these small firms and individuals simply lack the resources to defend against sophisticated attacks. As a result, the hundreds or even thousands of people working on a project’s creation and distribution become security risks.

GDPR Spotlight on media platforms

Personal Data has been Hollywood’s rising star over the last few years. But will the introduction of Europe’s new General Data Protection Regulations steal the spotlight?

I had a bit of a migraine this weekend, so I spent the better part of the last two days on the couch watching Narcos and a few period costume dramas on Netflix. As I scrolled through the recommendations deciding what to watch, I smiled to myself thinking of how confusing my behaviours must appear to the algorithms used by Netflix. My tastes vary from watching FBI agents in 1970s Columbia, to Miss Elinor Dashwood in rural Georgian England.

Me Before You is apparently a 95% match to my preferences, despite being a film I have no desire to see. On the other hand, Blackfish, the whale documentary I’ve seen three times, is only a 54% match. Of course, Netflix only knows what my online behaviour reflects. And while it may not be perfect, when my behaviour is combined with my personal data, Netflix recommendations are fairly accurate most of the time. The advancement in behavioural analytics is big business in the world of media consumption – and it’s only getting bigger.