On March 16, David Carroll, a New York based American professor sued Cambridge Analytica (CA) in the U.K. courts, after the data analytics firm allegedly failed to respond to his request made pursuant to the U.K. Data Protection Act for his file of personal data held by CA, CA’s purpose for processing his data, and the persons and countries outside the E.U. with whom his data was shared.

Carroll had heard CA’s CEO reportedly bragged about the company having about 5,000 data points on each of the 230 million U.S. voters. Therefore, Carroll was surprised when the response to him included only about 200 data points. Carroll reports the response also inadequately described for Carroll where or how data about him was sourced and with whom his data was shared. The response led Carroll to believe his personal data was being processed in the U.K. which is why Carroll brought suit under UK data protection laws, which are typically more protective of personal data than U.S. data protection laws. Carroll’s request and the response to his request are posted to his twitter account @profcarroll.

This lawsuit was filed on the same day Facebook cut CA off from its advertising platform, on grounds that CA violated Facebook’s terms and conditions. For more details on the Facebook and CA brewing scandal, see [view related post].

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Kathleen Porter Kathleen Porter

Kathy Porter’s practice straddles the areas of intellectual property, business transactions, trade regulation, and Internet law and includes import/export control issues, such as compliance and enforcement, competition, privacy, and data security. She counsels businesses on the development and implementation of data security and…

Kathy Porter’s practice straddles the areas of intellectual property, business transactions, trade regulation, and Internet law and includes import/export control issues, such as compliance and enforcement, competition, privacy, and data security. She counsels businesses on the development and implementation of data security and privacy practices to comply with the patchwork of laws and rules applicable to the collection, use, safeguarding, sharing, and transfer of protected or personal data. She regularly structures arrangements with promoters, marketers, website exchanges, and other third parties for the purchase, sale, sharing, and safeguarding of personal data. Kathy prepares and negotiates representations, warranties, and indemnities regarding personal or protected data and privacy and data practices. She also assists clients with privacy audits and works with third-party certification organizations to obtain certification of companies’ privacy practices. She guides clients through internal investigations to assess and address notice and other obligations regarding privacy breaches. Kathy often works closely with our litigation attorneys to manage external investigations such as those by federal or state regulators. Read her rc.com bio here.