AddThis SmartLayers

Law Column: Could data protection be the new privacy?


Remember the Weller privacy case? That’s the privacy claim brought by Paul Weller against Associated Newspapers after photos of his children on a private family shopping trip in Santa Monica were published.

The photos appeared on the Mail Online, and Weller won the case because although the family were in a public place, it was a private family outing where the children had a reasonable expectation of privacy.

Now, compare that to the furore surrounding the use of Kai Rooney’s photograph on the front on the Sun following England’s premature exit from the Euros. Kai is visibly upset in the photo, and Colleen Rooney tweeted “Yes I’ve seen that front page and it’s absolutely shocking!!” upon seeing the coverage.

From a privacy point of view, the key difference between the Rooney incident and the Weller case is that Kai Rooney was at a public event when the photo was taken, and photos of him are regularly posted on social media by his parents. Therefore, whether he had a reasonable expectation of privacy is questionable to say the least.

However, as the eminent Hugh Tomlinson QC recently suggested, there is another potential legal angle – data protection.

It is true that, from a theoretical standpoint, people who find themselves in similar positions might also be able to turn to data protection laws for an avenue of recourse. Let me explain….

A photograph of an individual is undoubtedly “personal data” so will fall under the remit of data protection laws and taking, then publishing, the photo are acts of “data processing”, which makes the photographer and the newspaper “data controllers”.

I can hear you asking: “But what about S.32 of the Data Protection Act, and the much coveted journalism exemption?”

Well, unfortunately, it isn’t quite as clear cut as that. In order for the exemption to apply, the processing of the data (ie. the taking and publication of the photo) must be in the public interest.

That leaves us in a position where we have to ask: can the publisher reasonably believe that publishing a photo of a crying child is in the public interest? I don’t know the answer to that, but I think it is far from straightforward.

If it follows that the S.32 exemption does not apply, the data processor will need to comply with the long and complex rules contained in the Data Protection Act, which in most cases include only processing personal data with informed consent from the data subject.

And this is important because, as Mr Tomlinson helpfully reminds us, it is possible for individuals to claim damages as a result of a breach of the Data Protection Act, if the breach has caused them damage and/or distress.

So, the overall message has to be that when considering whether a potential story or photograph is a breach of privacy, journalists also need remember that the S.32 exemption only applies if the public interest test is met.

Whilst on the subject of data protection, the outgoing Information Commissioner (Christopher Graham) has now released his final Annual Report.

The headlines include:

  • Over 16,300 data protection complaints were made to the Information Commissioner’s Office (ICO) in 2015/16;
  • The ICO helpline received 204,700 calls during the same year; and
  • Monetary penalties totalling over £2.5million were issued for non-compliance.

Whilst the penalties mentioned above were not issued against publishers, the enormous numbers are evidence that people increasingly know about their data protection rights, and are not afraid to use them!