Emma Louise Johnson – Court Ruling (United Kingdom, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A UK court case involved a social housing provider accidentally sharing a tenant's rent statement with a third party. The tenant, who had moved to escape an abusive relationship, was worried about their privacy. The court found no damages were owed, but the case highlights the importance of handling personal data carefully.
What happened
A social housing provider accidentally emailed a tenant's rent statement to a third party.
Who was affected
A tenant whose rent statement, including their name and email address, was mistakenly shared.
What the authority found
The court ruled that the tenant was not entitled to damages as the error did not cause significant harm.
Why this matters
This case underscores the need for organizations to ensure data protection measures are in place to prevent accidental disclosures. It also shows that courts may not award damages if the data breach is deemed minor.
GDPR Articles Cited
National Law Articles
The defendant is a provider of social housing, the claimant is one of its tenants. A third party requested a rent statement from the defendant. In response to the request, the defendant sent a compilation of 6,941 pages unrelated rent statements by e-mail to the third party. The e-mail also included two pages of the claimant's rent statement with name, email address, and recent rent payments made to the defendant. The inadvertent disclosure was to a single person who immediately notified the defendant of the error and was asked by the defendant to delete the e-mail. Subsequently, the defendant informed the claimant of the error and the fact that the recipient had deleted the information. The matter was also reported to the Information Commissioner's Office, who confirmed that no action was required or would be taken as a result of the inadvertent data breach. At the time of the disclosure the claimant moved home to escape an abusive relationship and was concerned that the address would somehow become known to the claimant’s former partner. The claimant brought the case to the High Court and claimed “damages for Misuse of Private Information, Breach of Confidence and Negligence, together with damages for breach of Article 8 ECHR rights as incorportated in the HRA 1998 as well as damages pursuant to Article 82 GDPR and damages pursuant to section 169 of the Data Protection Act 2018. (…) Further, the Claimant claims injunctive relief to prevent the recurrence of this type of breach and declaratory relief stating that the Defendant has breached the principles enshrined in the abovementioned legislation." In support for issuing the case in High Court, the claimant argued that the matter concerned an evolving area of law which required elaborate and complex legal reasoning. The defendant denied that the claimant is entitled to any damages at all or any other relief because the claimant suffered no loss or damage above the de minimis threshold. The defendant applied to st
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Violations (1)
Third-party tracking cookies or scripts are loaded without obtaining prior user consent.
Art. 13, 14 GDPR
Related Cases (0)
No other cases found for Emma Louise Johnson in UK
This is the only recorded case for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
About this data
Cite as: Cookie Fines. Emma Louise Johnson - United Kingdom (2021). Retrieved from cookiefines.eu
Last updated: