New York fashion student Rosemary Port has threatened to sue the search company for £9million for revealing her identity, pursuant to a court order, as the alleged author of a particularly charming blog attack on a model, calling her a “psychotic, lying, whoring…skank”.
Although there are several crime and law-enforcement exemptions under the Data Protection Act, for most UK data controllers these all require assessments which they are not usually in an easy position to make (is the disclosure really “necessary”, for example?). The separate exemption in s.35(1), which relates to “disclosures required by law”, has meant that data controllers have only really found comfort and certainty where they disclose details pursuant to a court order or rule of law. Should we be more worried now?
Hopefully not, since at least in the UK we do have a clear exemption set out in the legislation, and challenges to date have been made against the courts themselves rather than the disclosing entity. However, caution is still needed. The Information Commissioner has stated in previous guidance, for example, that an element of fairness can still be applied, such as noting in terms and conditions that disclosures may be made. This is significant since one of Port’s complaints was that her expectation of privacy had been breached. It is also important, as with all requests for data, that the parameters and wording of a request are scrutinised, and data controllers should consider whether any challenges to its scope are nonetheless required before assuming any reliance will be fine.