Search

How can we help?

Icon

Data Protection Round-up: Data privacy and Online Safety Bill

Lost employment records 

Employers with longstanding employees are likely to have changed record/filing systems over the employee’s length of service. Outside of the tribunal context, the increasing use of data subject access requests is leading to unwanted exposure of employers’ record keeping habits.

A recent case demonstrates the potentially costly outcome. In this case, Tesco and a former employee have settled a data breach claim for £3,000.00. During tribunal proceedings the employee requested copies of their employment records going back some 15 years.

These records included sensitive medical information such as notes from counselling sessions. However, when Tesco (her employer) attempted to find the information, they were unable to, despite extensive searches.

When it was discovered that the records were lost, the employee issued separate proceedings for a data breach. How can employers avoid costly claims?

Employers should ensure that their employee records and databases are kept in good workable, and retrievable, order.

Privacy expectations of video teleconferencing

The ICO has issued a joint statement on privacy expectations of video teleconferencing companies.

In July 2020, six global data protection authorities (those of Australia, Canada, Gibraltar, Hong Kong, China, Switzerland, and the UK) signed an open letter to five of the biggest video teleconferencing companies (inc. Microsoft, Google, and Zoom).

Given the rapid rise in use of such technology and the consequential exposure of personal data and the potential negation of other privacy rights, the signatories were keen to understand the measures and privacy safeguards the companies had in place.

The letter set out five guiding principles necessary to address the key privacy risks: Security, Privacy-by-design and default, Know your audience, Transparency and fairness, and End-user control.

The joint statement confirms that the letter has led to constructive engagement with each company setting out their approach to data protection and privacy and how they take each of the principles into account and the risks involved.

The joint statement further explores the privacy principles, and sets out further commentary and observations the signatories hope the companies will implement. Video teleconferencing is here to stay and we expect facilitators of such technology to be under increasing scrutiny.

Tesco and a former employee have settled a data breach claim for £3,000.00. During tribunal proceedings the employee requested copies of their employment records going back some 15 years.

DCMS responds to Freedom of Expression report

Back in May of this year, the Government published its Online Safety Bill. The purpose of the bill is to impose a duty of care on the companies that host user-generated content, and facilitate interaction between its users, to prevent exposure to illegal and harmful content.

Subsequently, in July, the House of Lords published its own report responding to the Bill and now the Department for Digital, Culture, Media and Sport has responded to the report. The response is comprehensive and thorough; read the full DCMS response to the House of Lords Communications Committee’s report on Freedom of Expression in the Digital Age (parliament.uk)In summary: 

  • On the subject of removing content, The House of Lords stated that they believe platforms’ approaches to misinformation are stifling freedom of speech and that posts should only be removed in exceptional circumstances. The DCMS confirmed that it would be up to the platforms to decide what is and is not acceptable on their services.  
  • The DCMS disagreed with the House of Lords that OFCOM should set strict timeframes for the removal of content that is clearly illegal. The DCMS believes that timeframes could have a negative impact on freedom of expression by incentivising over-removal of content without proper review.
  • The DCMS agrees with the House of Lords in that robust privacy standard should form part of a design duty. The DCMS goes onto confirm that such obligations are intended to work alongside existing data protection obligation.

The above, whilst only commentary on a draft bill gives us a good indication as to the Government’s digital direction, in particular their views on how online content is reviewed. 

 

Disclaimer
This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.

Author profile

About this article

Read, listen and watch our latest insights

Pub
  • 09 July 2026
  • Litigation and dispute resolution

The Arbitration Act 2025 – Factsheet

This factsheet outlines the major reforms and key developments introduced by the Arbitration Act 2025, including updates on summary disposal, jurisdictional challenges, emergency arbitrators, arbitrator disclosure duties, and governing law in arbitration proceedings.

art
  • 09 July 2026
  • Immigration

Right to Work Checks are changing from 1 October 2026: Is your business ready?

The Home Office’s new rules, effective 1 October 2026, will overhaul right to work checks and raise the risk of civil penalties for UK businesses.

art
  • 08 July 2026
  • Privacy and Data Protection

ICO prosecutes employee under the Data Protection Act for forwarding client data to his personal email address

The issue of employees taking confidential business information or personal data when moving to a new employer remains a significant concern for businesses.

Pub
  • 07 July 2026
  • Litigation and dispute resolution

Accelerating arbitration: Expedited procedures and key changes in the new ICC Rules – Episode 2

In episode 2, Jack Hobbs (Clarkslegal) and Christopher Howitt (Three Stone) explore how the latest expedited and highly expedited procedures under the ICC Arbitration Rules 2026 are transforming the landscape of dispute resolution.

art
  • 07 July 2026
  • Employment

6 month unfair dismissal rights: What employers need to know

Under the new Employment Rights Act 2025 the minimum period of service required to qualify to bring a statutory claim for unfair dismissal has been reduced from 2 full years to 6 months from 1 January 2027 onwards.  

art
  • 02 July 2026
  • Litigation and dispute resolution

Litigation and Artificial Intelligence: Where are we now?

In the recent case of Cork and another v Smith, the High Court publicly admonished a law firm and two of its solicitors after they had produced and submitted two AI-generated letters to the court containing misleading and false information in relation to a block transfer application made under Rule 12.37 of the Insolvency (England and Wales) Rules 2016.