Privacy and misuse of private information

Privacy law in the UK comprises several elements:

•
the right to respect for a private and family life in Article 8 of the European Convention on Human Rights (ECHR), incorporated into UK law by the Human Rights Act 1998 (HRA 1998)
•
the tort of misuse of private information, which protects citizens from unwarranted intrusion (Campbell v MGN), and
•
provisions in the Protection from Harassment Act 1997 (PHA 1997), which protect individual privacy

There is no single, overarching right to privacy in English law. However, HRA 1998 and the incorporation of Article 8 of the ECHR into domestic law mean that aspects of private life can be protected from unwarranted intrusion.

Right to a private and family life

Article 8(1) of the ECHR protects a person’s right ‘to respect for his private and family life, his home and his correspondence’. Underlying this right is the value attached by society to human dignity and autonomy; the effective protection of Article 8 rights enables individuals to pursue their own lives and to form relationships.

The Strasbourg jurisprudence

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest Information Law News

EDPB and EDPS adopt joint opinion on EU Cybersecurity Act and NIS2 amendments

The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have adopted Joint Opinion 4/2026 assessing the European Commission’s proposals for a revised EU Cybersecurity Act and amendments to the EU NIS 2 Directive (NIS2), following a formal consultation. They supported the overall objectives of strengthening the European Union Agency for Cybersecurity’s (ENISA’s) role, reviving the European cybersecurity certification framework, simplifying compliance, and addressing information and communication technology (ICT) supply chain risks, while underlining that cybersecurity measures must remain necessary and proportionate to avoid undue interference with privacy and data protection. They welcomed improved cooperation mechanisms and a single-entry point for incident and personal data breach reporting. They recommended safeguards where ENISA processes personal data, including clear legislative limits and prior EDPS consultation, extending the European Cybersecurity Skills Framework to the general workforce, clarifying links with EU General Data Protection Regulation certification, supporting ICT supply chain measures and the designation of digital identity and business wallet providers as essential entities, and ensuring safeguards for ransomware reporting.

EDPB launches 2026 coordinated enforcement action on EU GDPR transparency obligations

The European Data Protection Board (EDPB) has launched its Coordinated Enforcement Framework for 2026, focusing on compliance with transparency and information obligations under the EU General Data Protection Regulation (GDPR). National data protection authorities (DPAs) will assess how controllers comply with transparency obligations set out in Articles 12–14 of the GDPR, which are intended to ensure individuals are informed about how their personal data is processed. Participating authorities will engage with controllers across different sectors through enforcement actions or fact-finding exercises, with follow-up actions where necessary. In H2 2026, DPAs will share their findings and produce a consolidated report for adoption by the EDPB.

Information Law weekly highlights—19 March 2026

This week’s edition of the Information Law weekly highlights includes a hand-picked summary of news analysis, updates and new content related to laws governing the use and dissemination of information and personal data. Each week these highlights focus on developments in key topics such as data protection, ePrivacy, cybersecurity, breach of confidence, misuse of private information, and defamation.

ENISA launches SME survey on EU Cyber Resilience Act implementation readiness

The EU Agency for Cybersecurity (ENISA) has launched a survey aimed at micro, small and medium-sized enterprises (SMEs) to assess their readiness for implementing Regulation (EU) 2024/2487 (the Cyber Resilience Act (CRA)), which will apply from December 2027. The CRA introduces cybersecurity requirements for all products with digital elements placed on the EU market. The survey covers five areas: company profile, levels of awareness and readiness, existing cybersecurity practices, preferred support and communication channels and the maturity of CRA-relevant practices. The findings will support ENISA and the European Commission in developing targeted support measures, including awareness campaigns, training materials and tailored guidance, and provide evidence-based input to inform national and EU-level discussions on CRA implementation.

View Information Law by content type :

News