Privacy and misuse of private information

Copyright © 2025 LexisNexis

Privacy law in the UK comprises several elements:

  1. the right to a private and family life provided for in Article 8 of the European Convention on Human Rights (ECHR), incorporated into UK law by the Human Rights Act 1998 (HRA 1998)

  2. the tort of misuse of private information, which protects citizens from unwarranted intrusion (Campbell v MGN), and

  3. provisions dealing with the protection of privacy in the Protection from Harassment Act 1997 (PHA 1997)

There is no single, overarching right to privacy in English law. However, the HRA 1998 and the incorporation of Article 8 of the ECHR into domestic law mean that aspects of private life can be protected from unwarranted intrusion.

Brexit

Assimilated law is the name given to retained EU law (REUL) which remains in force after the end of 2023. The re-categorisation of REUL (and associated terms) to assimilated law reflects a change in its status and treatment under UK law, in that it is generally to be interpreted according to ordinary domestic law and principles.

From 1 January

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

Existing user? Sign-in TAKE A FREE TRIAL
Powered by Lexis+®
Latest Information Law News

ICO releases new guidance on anonymisation and pseudonymisation techniques

The Information Commissioner's Office (ICO) has published comprehensive guidance on anonymisation and pseudonymisation techniques on 28 March 2025, accompanied by a webinar scheduled for 22 May 2025. The guidance explains anonymisation and pseudonymisation concepts, outlines data protection obligations, and provides practical advice on implementing appropriate technical measures. It specifically addresses organisations using or considering anonymising personal data, including artificial intelligence developers, and details risk mitigation strategies for protecting individual privacy.

Automated decision-making and DSARs: right to access means a right to explainability (CK v Magistrat Der Stadt Wiendun & Bradstreet Austria GMBH)

Information Law analysis: The Court of Justice provided several clarifications around the scope of data subject access requests (DSARs) in the context of automated decision-making. The court held the determining factor for whether information constitutes ‘meaningful information about the logic involved’ under Article 15(1)(h) of the EU’s General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR) is whether the information enables the data subject to understand the logic involved in automated decision-making involving their personal data. The court also held disclosure by controllers should be underpinned by the principles of transparency, which requires information to be clear, accessible and intelligible, both in terms of content and form, from the perspective of data subjects. In the context of automated decision-making this doesn’t necessarily mean providing the exact algorithm, if it doesn’t help the data subject’s understanding of the ‘how’. The court confirmed DSARs do not mandate the disclosure of trade secrets, but this can only be decided by the relevant supervisory authority or competent court, after assessing all relevant information provided to them by a controller. The protection of trade secrets cannot be used as a blanket excuse by businesses to withhold certain information from individuals making a request under Article 15(1)(h) of the EU GDPR. Written by Marija Nonkovic, associate at Kemp IT Law LLP.

NCSC releases new principles for privileged access workstation implementation

The National Cyber Security Centre (NCSC) has published new principles for implementing privileged access workstations (PAWs). The principles provide organisations with guidance on establishing restricted workstations for accessing high-risk systems. The guidance emphasises that PAWs should be implemented as part of broader security controls, with focus on establishing trust through auditable systems and validated controls. The principles aim to help organisations protect against privilege escalation and reduce vulnerability to cyber attacks through administrative interfaces.

Information Law weekly highlights—27 March 2025

Welcome to this week’s edition of the Information Law weekly highlights: a hand-picked summary of news analysis, updates and new content related to laws governing the use and dissemination of information and personal data. Each week these highlights focus on developments in key topics such as data protection, ePrivacy, cybersecurity, breach of confidence, misuse of private information, and defamation.

View Information Law by content type :
News
Practice notes
Precedents
Q&As

Popular documents

Privacy law—misuse of private information

Privacy law—misuse of private informationSTOP PRESS—Impact of the Retained EU Law (Revocation and Reform) Act 2023: This document contains references to retained EU law (REUL) and associated terms introduced by the European Union (Withdrawal) Act 2018 in connection with Brexit. From 1 January 2024,

If planning permission imposes restrictions on a licensed premises opening hours, once operational can

If planning permission imposes restrictions on a licensed premises opening hours, once operational can the personal licence holder apply for a Temporary Events Notice (TEN) to open for longer hours than those permitted in the planning permission?To use any property for a licensable activity both

Early leavers—preservation

Early leavers—preservationFORTHCOMING DEVELOPMENT: Section 10 of the Finance Act 2022 will increase the normal minimum pension age (NMPA) from 55 to 57 on 6 April 2028 (save for members of the firefighters, police and armed forces public service pension schemes).The Finance Act 2022 will also give

Brussels I (recast)—domicile (Arts 4 and 63) [Archived]

Brussels I (recast)—domicile (Arts 4 and 63) [Archived]ARCHIVED: This Practice Note has been archived and is not maintained.This Practice Note considers the general rule set out in Article 4 of Regulation (EU) 1215/2012, Brussels I (recast) when determining the relevance of a defendant’s domicile to
Privacy law—misuse of private information

Privacy law—misuse of private information

Privacy law—misuse of private informationSTOP PRESS—Impact of the Retained EU Law (Revocation and Reform) Act 2023: This document contains references to retained EU law (REUL) and associated terms introduced by the European Union (Withdrawal) Act 2018 in connection with Brexit. From 1 January 2024,

If planning permission imposes restrictions on a licensed premises opening hours, once operational can

If planning permission imposes restrictions on a licensed premises opening hours, once operational can

If planning permission imposes restrictions on a licensed premises opening hours, once operational can the personal licence holder apply for a Temporary Events Notice (TEN) to open for longer hours than those permitted in the planning permission?To use any property for a licensable activity both

Early leavers—preservation

Early leavers—preservation

Early leavers—preservationFORTHCOMING DEVELOPMENT: Section 10 of the Finance Act 2022 will increase the normal minimum pension age (NMPA) from 55 to 57 on 6 April 2028 (save for members of the firefighters, police and armed forces public service pension schemes).The Finance Act 2022 will also give

Brussels I (recast)—domicile (Arts 4 and 63) [Archived]

Brussels I (recast)—domicile (Arts 4 and 63) [Archived]

Brussels I (recast)—domicile (Arts 4 and 63) [Archived]ARCHIVED: This Practice Note has been archived and is not maintained.This Practice Note considers the general rule set out in Article 4 of Regulation (EU) 1215/2012, Brussels I (recast) when determining the relevance of a defendant’s domicile to