Protecting private information in the digital era: making the most effective use of the availability of the actions under the GDPR/DPA and the tort of misuse of private information

Abstract

Globally, enhanced data protection schemes are being introduced in the face of threats to privacy in the digital era. In England and Wales protection from one such threat – from unconsented-to disclosures of private information online - is covered by both the established tort of misuse of private information and a recently enhanced data protection scheme, arising under the GDPR, providing in particular the right to erasure. The previous scheme ran alongside the tort, in an uneasy relationship which until recently saw its marginalisation in the privacy context under consideration, with the result that the data protection jurisprudence in this context is impoverished, while the tort jurisprudence and scholarship has flourished. This article argues that merely noting that the two causes of action are available and may arise in the same claim provides a limited response. With the advent of the UK GDPR, and the rise in the dangers to protection of private information posed by the ‘tech’ companies, it presents a new argument in opposition to the two separate silos into which scholarship in this area has fallen, and, more importantly, in favour of the opportunities the two actions provide for addressing the range and variety of privacy claims, especially against online ‘intermediaries’, including from non-celebrities. To that end it probes the differences between the designs of the key elements of the two actions which might render one more apt or able to provide privacy protection, depending on the situation, than the other, especially in the online context. It also considers as a warning potentialities within both that could detract from their efficacy.