Ed Sheeran wins Shape of You copyright case - a ‘note’ of caution

Blog | Intellectual Property

Share This

Ed Sheeran has had his day in the High Court and the judge has decided that his 2017 chart topper has not plagiarised the work of Sami Chokri.

Sheeran’s hit ‘Shape of You’ is one of the most played and downloaded songs of all time. It has been streamed more than three billion times on Spotify, and reputably generates over five million pounds per year from that platform alone. When a song is as successful as this, it becomes a tempting target for those who thinks they can rightfully claim a share of that success for themselves. If you have a legitimate case for copyright infringement, for the right song, pursuing a claim can be a very shrewd investment of time and legal fees. However, as we’ve seen here in the ruling, that investment is not without risk.

This High Court ruling may embolden artists to be more brazen in ‘taking inspiration’ from each other, without fearing the consequences of copyright infringement. While this makes the process of creating (and publishing) music easier, in some cases it might deprive smaller artists of income that should have gone to them.

It is rare for a copyright infringement case to get this far in court and it is a scenario that has plagued Sheeran before.  Often these cases reach an out of court settlement, as it’s usually a less expensive result for both parties. Clearly, in this instance, Chokri believed he had a strong case but unfortunately it wasn’t strong enough and he now faces a considerable legal bill.

This ruling indicates that the UK IP courts aren’t going to support US-style speculative litigation. It will take more than a short section of ‘basic minor pentatonic pattern’ which is ‘entirely commonplace’, to establish a successful claim of copyright infringement. All music is derivative to a certain extent. This ruling shows that clear similarities throughout two songs are needed to form a substantial case.

Copyright is designed to encourage creativity by rewarding original creators, and this case shows how the law attempts to balance the rights of creators at every stage in a song’s development.

Get In Contact

Isaac is a trainee solicitor working within the Intellectual Property team.

Intellectual Property

We have a proud history of success in acting for clients across a diverse range of goods and services.

Our Thoughts

All the latest thoughts and insights from our team

Intervention of Khokhar Solicitors

22 Jun

SRA Intervention

Intervention of Khokhar Solicitors

Devereux & Co has been closed down by the Solicitors Regulation Authority (‘the SRA’). […]

Read article Right Arrow

Shakespeare Martineau appoints expert director to company secretary team

20 Jun

Corporate & Commercial

Shakespeare Martineau appoints expert director to company secretary team

Shakespeare Martineau has appointed a new director to help grow and enhance the reputation […]

Read article Right Arrow

SHMA® On Demand

All the latest on-demand content

Agriculture: diversifying or leasing your land to create habitat banks

6 Jul

Peter Snodgrass, Partner & Head of Agriculture

Agriculture: diversifying or leasing your land to create habitat banks

We know that biodiversity net gains provide a significant opportunity for landowners to diversify […]

Register Right Arrow

Teachers’ Pension Scheme – strategic issues independent schools need to think about

20 Jul

Esther Maxwell, Legal Director | Emma Glazzard, Solicitor

Teachers’ Pension Scheme – strategic issues independent schools need to think about

Webinar Teachers’ Pension Scheme – strategic issues independent schools need to think about In […]

Register Right Arrow

Has the Supreme Court slammed the brakes on data protection claims?

New Legislation

Share This

Supreme Court and data protection

Over the last couple of years, we’ve seen a marked increase in the number of claims relating to data protection breaches.  

It’s easy to see why. When the GDPR was introduced a couple of years ago, people became more aware of their data rights than ever. It also used to be the case that a claimant could only seek damages for distress if the data breach also caused them a financial loss. But the court (and, latterly, Parliament) accepted this was prohibitive and introduced a free-standing right to claim for distress, widening the door for possible claimants to pursue damages.  

Lloyd v Google – opening the floodgates

And then came the seminal case of Lloyd v Google, where the Court of Appeal appeared to give the green light to claimants who had suffered neither financial loss nor distress as a result of a data breach. The case was brought by an individual, acting as a “representative” of all individual iPhone users who were affected by a Safari Workaround that was installed by Google on Apple iPhones in 2011-2012. The Workaround allowed Google to essentially profit from tracking the iPhone users’ internet habits and advertising targeted at users based on those habits. Around four million users were affected and the damages bill for Google could have run into the billions.  

At the High Court, Mr Lloyd was refused permission to serve his claim on Google (who are based outside of the jurisdiction). This decision was subsequently overturned by the Court of Appeal, which decided that a “loss of control” over an individual’s data could, of itself, give that individual a right to claim for damages, even if the data breach caused the victim no financial loss or distress. 

Some of the claims we’ve seen since the Court of Appeal decision have, it must be said, been speculative at best. Minor breaches where trivial data has been inadvertently disclosed suddenly attracted claims on the basis that “if there’s been a breach, I have lost control over my data so you’re liable, no matter what”. Inevitably, the Court of Appeal’s decision in Lloyd has been quoted at length to support this type of argument. 

Applying the Brakes

It was therefore with some trepidation that data controllers waited for the Supreme Court’s decision in Lloyd v Google, to see whether it would endorse the Court of Appeal’s view and open the floodgates even further. After around six months of waiting, the judgment was finally delivered w/c 8 November 2021. 

It will give data controllers some relief to hear that the Supreme Court has retreated from the view given by the Court of Appeal. It has expressly stated that section 13 of the Data Protection Act 1998 “cannot reasonably be interpreted as giving an individual a right to compensation without material damage or distress whenever a data controller commits a non-trivial breach of any requirement of the Act in relation to any personal data of which that individual is the subject”. So the Supreme Court has clarified the position: under the DPA 1998, a claimant must be able to show that they suffered financial loss and/or distress as a result of a data breach. The simple loss of control of data is not enough on its own.  

Although the decision was made in relation to the DPA 1998, the wording of the DPA 2018 is not significantly different, so it’s likely that the current legislation would be interpreted in the same way. While claimants are not prevented from seeking “loss of control” damages in a tortious claim of Misuse of Private Information (“MPI”), these claims are harder to establish and are unlikely to succeed where the data disclosed is trivial in nature. 

As for the way the claim was brought, the Supreme Court found that an individualised assessment of damages could not be conducted in a representative action. It was up to Mr Lloyd to seek a declaration that Google had breached the DPA 1998 with damages left to be assessed by individualised assessment. He chose not to adopt that two-stage approach. As such, the conditions for bringing a representative action have not been established and Mr Lloyd has been denied permission to serve his claim on Google. As a result, the claim is now over.  

Is this a victory for data controllers?

Overall, the outcome is undoubtedly a victory for data controllers who could potentially face huge representative actions. The brakes on those types of cases have – for now - been applied.  

As for the lower value, “any breach leads to a claim” type of cases that we’ve seen a lot of recently, the Supreme Court decision will now require a claimant to show they have suffered financial loss and/or distress (by which we mean, some sort of mental distress caused by the disclosure of their data). This ought to make it easier for trivial claims to be rejected. It’s unlikely that the threat will evaporate all together, however, with claimants still able to rely on “distress” to claim damages and alternative claims for MPI still being available.  

With further, high profile, data protection cases waiting to be heard, it remains to be seen whether and how claimants will seek alternative ways to pursue data protection and privacy claims and how Lloyd will limit representative claims in the future. Practitioners will be keenly watching this space to see what the long term consequences of the Lloyd v Google decision may be.  

If you have any queries regarding your role as a controller or processor of data or have any concerns about data security and breaches contact Catherine Savage or another member of the litigation team.

Get In Contact

Catherine specialises in academic litigation. She has extensive experience of representing education clients in discrimination claims and judicial review applications.

Education Law

Working with higher and further education institutions, independent providers, academies, and schools, our full-service team can advise on any legal issue that an education institution may have.

Our Thoughts

All the latest thoughts and insights from our team

Intervention of Khokhar Solicitors

22 Jun

SRA Intervention

Intervention of Khokhar Solicitors

Devereux & Co has been closed down by the Solicitors Regulation Authority (‘the SRA’). […]

Read article Right Arrow

Shakespeare Martineau appoints expert director to company secretary team

20 Jun

Corporate & Commercial

Shakespeare Martineau appoints expert director to company secretary team

Shakespeare Martineau has appointed a new director to help grow and enhance the reputation […]

Read article Right Arrow

SHMA® On Demand

All the latest on-demand content

Agriculture: diversifying or leasing your land to create habitat banks

6 Jul

Peter Snodgrass, Partner & Head of Agriculture

Agriculture: diversifying or leasing your land to create habitat banks

We know that biodiversity net gains provide a significant opportunity for landowners to diversify […]

Register Right Arrow

Teachers’ Pension Scheme – strategic issues independent schools need to think about

20 Jul

Esther Maxwell, Legal Director | Emma Glazzard, Solicitor

Teachers’ Pension Scheme – strategic issues independent schools need to think about

Webinar Teachers’ Pension Scheme – strategic issues independent schools need to think about In […]

Register Right Arrow

ICO consults on new way forward for international data transfers

Blog

Share This

International Data Transfers

The ICO’s consultation process on international data transfers is currently underway, as part of the UK’s first post-Brexit step to legitimise international transfers of personal data out of the UK.  

The consultation is important for education institutions and particularly relevant to any university or college that transfers personal data outside the UK, EEA or those countries which the UK has confirmed provide adequate protection for personal data.  

Scope of the ICO consultation

The ICO’s consultation is split into the following three sections: 

  1. International Data Transfer Agreement (“IDTA”) 

    The IDTA is the ICO’s draft document which UK education institutions will need to implement when transferring personal data outside of the UK (available here). 

    The IDTA, which will replace the current set of Standard Contractual Clauses (“SCCs”) for transfers of personal data from the UK, consolidates the full range of SCCs that may be required into one document. The IDTA caters for controller-processor, controller-controller and processor-processor; but notably it does not provide for processor-controller scenarios in the same manner as the new EU SCCs. The IDTA includes four parts: 

    • template tables to be populated for each relevant transfer, capturing specific information about the parties, for example the names of the parties, the details of the personal data transferred and any security requirements; 
    • optional extra protection clauses, such as additional technical security protections, organisational protections or contractual protections; 
    • optional commercial clauses agreed between the parties, provided that these do not contradict the IDTA; and 
    • a set of mandatory clauses, which must be adopted in their entirety except only to remove sections that the parties explicitly agree to omit, adapt cross-referencing and add more parties to the IDTA. 
  2. A UK Addendum

    The ICO has produced a UK addendum for inclusion to the European Commission’s standard contractual clauses (available here). The UK Addendum can be used as an alternative to the IDTA and substitutes references to the EU GDPR with UK GDPR and addresses issues such as governing law and choice of forum and jurisdiction for disputesThis will be invaluable for institutions that are routinely making data transfers to international campuses or partnersthe UK Addendum allows you to use just one set of SCCs (the EC SCCs along with the UK Addendum) to cover both transfers, avoiding the need to use both the EC SCCs and the UK IDTAthereby simplifying the contractual process. The inclusion of the UK Addendum undoubtedly shows the ICO’s willingness to integrate with global privacy positions. 

  3. Risk Assessment Guidance

    The ICO’s guidance on international data transfers has been produced in response to Schrems II, in order to assist organisations with carrying out a transfer risk assessment. The guidance includes a practical and user-friendly draft TRA tool (available here). It is designed to be used alongside the IDTA to evaluate risks associated with personal data transfers to third countries, with clear examples of the criteria to take into account, decision trees, risk factors, and mitigations that institutions can apply when undertaking a risk assessment.  

    The draft risk assessment tool takes into account three steps to evaluate the risk: 

    • appraise the transfer itself (e.g. consider the purpose of the transfer, types of personal data and categories of data subjects); 
    • assess if the IDTA is likely to be enforceable in the destination country; and 
    • consider whether there is appropriate protection for the data from third-party access.  

What does this mean for education institutions?

The new IDTA and risk assessment guidance is welcome news for UK-based institutions, particularly those that have international campuses or partners and act as both controllers and processors. The consultation provides some certainty on the approach to data transfers from the UK post-Brexit and supports planning around refreshing the SCCs. 

For the time being, the trans risk assessment and IDTA are in draft form pending completion of the consultation; following which proposals will be laid before parliament 

Institutions should continue to review international data flows, transfers under the existing SCCs and current practices and consider the changes that may be required. 

For further information on this consultation and the impact it could have for institutions, contact Isabelle Hugh-Jones or another member of the education team. 

Get In Contact

Isabelle has recently qualified as a solicitor in the Commercial and IP team and advises clients on a wide variety of commercial matters including commercial contracts, intellectual property, IT and data protection.

Related articles
Related services

With a long-standing involvement in and commitment to the education law sector, our team have extensive experience across all legal issues that affect education institutions. guiding and supporting our clients through challenges and opportunities.

Working with higher and further education institutions, independent providers, academies, and schools, our full-service team can advise on any legal issue that an education institution may have.

Our Thoughts

All the latest thoughts and insights from our team

Intervention of Khokhar Solicitors

22 Jun

SRA Intervention

Intervention of Khokhar Solicitors

Devereux & Co has been closed down by the Solicitors Regulation Authority (‘the SRA’). […]

Read article Right Arrow

Shakespeare Martineau appoints expert director to company secretary team

20 Jun

Corporate & Commercial

Shakespeare Martineau appoints expert director to company secretary team

Shakespeare Martineau has appointed a new director to help grow and enhance the reputation […]

Read article Right Arrow

SHMA® On Demand

All the latest on-demand content

Agriculture: diversifying or leasing your land to create habitat banks

6 Jul

Peter Snodgrass, Partner & Head of Agriculture

Agriculture: diversifying or leasing your land to create habitat banks

We know that biodiversity net gains provide a significant opportunity for landowners to diversify […]

Register Right Arrow

Teachers’ Pension Scheme – strategic issues independent schools need to think about

20 Jul

Esther Maxwell, Legal Director | Emma Glazzard, Solicitor

Teachers’ Pension Scheme – strategic issues independent schools need to think about

Webinar Teachers’ Pension Scheme – strategic issues independent schools need to think about In […]

Register Right Arrow