Catagory:Litigation of Data Breaches

1
Higher Regional Court of Hamm (Germany): Claims for Moral Damages Under Art. 82 GDPR are Assignable – German Class Actions Coming?
2
ICO Introduces Consultation Series on Data Protection and Generative AI
3
UK’s top Websites Receive Cookie Warnings from the Information Commissioner
4
Privacy Awareness Week Part II- Get in the know and get privacy right
5
Privacy Awareness Week Part I- The state of play
6
Proposed cyber ransom bans predicted to cause “catastrophic damage”
7
Optus faces the mother-of-all data breach class actions
8
Facebook’s face-off with the OAIC to proceed says High Court of Australia
9
New Privacy Enforcement Act commences in Australia
10
Update from the Australia/New Zealand privacy conference and the changes to Australian privacy and cybersecurity laws

Higher Regional Court of Hamm (Germany): Claims for Moral Damages Under Art. 82 GDPR are Assignable – German Class Actions Coming?

By Dr. Thomas Nietsch and Andreas Müller

On July 24, 2024, the OLG Hamm ruled that claims for moral damages under Art. 82 GDPR are generally assignable (case number: 11 U 69/23).

Read More

ICO Introduces Consultation Series on Data Protection and Generative AI

By Claude-Étienne Armingaud & Sophie Verstraeten

The Information Commissioner’s Office (ICO) recently launched a consultation series on how data protection laws should apply to the development and use of generative AI models (“Gen AI”). In the coming months, the ICO will publish further views on how to interpret specific requirements of UK GDPR and Part 2 of the DPA 2018 in relation to Gen AI. This first part of the consultation focusses on whether it is lawful to train Gen AI on personal data scraped from the web. The consultation seeks feedback from stakeholders with an interest in Gen AI.

Read More

UK’s top Websites Receive Cookie Warnings from the Information Commissioner

By Claude-Étienne Armingaud and Sophie Verstraeten

The UK’s Information Commissioner (the “ICO”) has recently sent warnings to the UK’s most visited websites to inform them that they may face enforcement action if they do not make changes to their cookie banner to ensure compliance with UK data protection law. For example, some websites warned by the ICO do not provide their user with a fair choice on tracking for personalised advertising. This position aligns with the EU’s stance, noting France (see prior Alert here).

Read More

Privacy Awareness Week Part II- Get in the know and get privacy right

By Cameron Abbott, Rob Pulham, and Stephanie Mayhew

With the cyber threat landscape significantly evolving, we are seeing companies – large and small – experience attacks. Recent high-profile attacks have shown that these breaches are alarming, targeting a range of sectors. With millions of Australians more concerned about their privacy than ever before, the federal government is making privacy a priority with the Attorney-General’s Department recently releasing 116 recommendations to amend the Privacy Act. The federal government has also made proposals to consider a new Cyber Security Act and strengthen existing laws around this space. 

Read More

Privacy Awareness Week Part I- The state of play

By Cameron Abbott, Rob Pulham, and Stephanie Mayhew

The theme of this year’s Privacy Awareness Week (PAW) is “back to basics”. It’s fitting to consider some lessons arising from recent high-profile breaches affecting millions of Australians, and the consistent messages we’ve been hearing from the Australian Information Commissioner in the midst of those incidents.

Data breaches can happen to anyone. We know cyberattacks can be big business, and sophisticated criminal networks make a good living from these. And if your organisation has taken reasonable steps to avoid or mitigate such breaches, the fact you’ve encountered one will not, of itself, be held against you.

Read More

Proposed cyber ransom bans predicted to cause “catastrophic damage”

By Cameron AbbottRob PulhamStephanie Mayhew and Dadar Ahmadi-Pirshahid

We saw last year how low hackers are willing to stoop to shame companies into paying ransoms, including leaking sensitive information aimed at embarrassing individuals affected by data breaches. As a result we also saw prominent calls for ransom payments to be ‘banned’, to reduce the financial incentives for hackers to target Australians’ personal information.

We are now hearing the flipside to that argument, with AGL Energy warning that a government-imposed ban on companies paying cyber ransoms to hackers could cause “catastrophic damage”.

Read More

Optus faces the mother-of-all data breach class actions

By Cameron Abbott, Rob Pulham, Stephanie Mayhew and Dadar Ahmadi-Pirshahid

The data breach that affected 9.8 million Australians and resulted in the personal information of 10,000 Optus customers being exposed on the dark web in September last year will be litigated in a class action lawsuit filed last Friday (21 April) in the Federal Court of Australia.

Read More

Facebook’s face-off with the OAIC to proceed says High Court of Australia

By Cameron Abbott, Rob Pulham, Stephanie Mayhew and Dadar Ahmadi-Pirshahid

Proceedings led by the Office of the Australian Information Commissioner (OAIC) against Facebook, Inc. (Facebook) for their role in the Cambridge Analytica scandal will finally proceed in the Federal Court of Australia.

Read More

New Privacy Enforcement Act commences in Australia

By Cameron Abbott, Rob Pulham and Stephanie Mayhew

As of yesterday, the Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022 (Privacy Enforcement Act) is now in effect after receiving Royal Assent on 12 December 2022.

As we have previously shared, the Privacy Enforcement Act increases the maximum penalties for serious or repeated privacy breaches. For body corporates/organisations this increases the penalty from the current $2.22 million to whichever is the greater of:

Read More

Update from the Australia/New Zealand privacy conference and the changes to Australian privacy and cybersecurity laws

By Cameron Abbott, Rob Pulham and Stephanie Mayhew

We’ve just returned from the annual iapp Australia/New Zealand privacy conference held in Sydney this week, and it was a whirlwind. Even if you’re not one of around half of Australians affected by two of the biggest data breaches in our recent history, you’ll be aware a lot is changing – and a lot more is poised to change – in this space.

We’ll be blogging over the coming weeks about some of the key themes and changes your organisation will need to prepare for, including:

– new regulatory enforcement tools

– higher expectations of the way personal information is collected and secured, and when it needs to be destroyed

– potential removal of key exemptions such as the employee records exemption that your business may currently rely on,

– and of course the major penalty increases that seek to deter privacy breaches being viewed as ‘the cost of doing business’,

as Australia tightens the protections around the collection and use of Australians’ personal information.

Stay tuned!

Copyright © 2024, K&L Gates LLP. All Rights Reserved.