A case involving a former employee of a student housing company against his employer in Scotland is a rare example of the use of the legal proceedings exemption as a defence against an alleged breach of UK General Data Protection Regulation (GDPR) rules. The sheriff court in Scotland dismissed the case after the claimant’s allegations were found to be “lacking in specification” and “irrelevant”. However, Pinsent Masons data protection law specialist Kathryn Wynn said the decision provides helpful guidance for controllers regarding the extent they can rely on the legal proceedings exemption. Wynn said, “The decision makes it clear that the intention of the data protection laws is not to stand in the way of a fair trial or for controllers to ‘shoot themselves in the foot’ by deleting personal data or withholding personal data for fear of breaching the data protection laws.”
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 4,350 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.
