The General Data Protection Regulation, the GDPR, was brought in across Europe in 2018 and updated in 2021 in the UK to maintain national legal jurisdiction, referred to as the UK-GDPR. The law itself is concerned with the ‘processing of personal data’ and seeks to protect the rights of the individual as pertaining to the protection of personal data.
As can be expected with such a broad ranging and highly prevalent set of laws, which affect our lives on a daily basis, it is important to seek a better understanding of the topic. It is precisely that prevalence, the commonality of the GDPR, that can lead to questions around what exactly is protected, and what to do in case of a breach. In this article, we will explain how even something as ostensibly mundane as your e-mail address can relate to privacy law.
Is an email address classed as personal data?
Personal data is broadly defined as any information that could be used to identify you, whether directly or indirectly. To that end an email address could fall well within the definition however, it should be noted, that not all email addresses are considered personal data.
If you’re wondering ‘is revealing my email address a breach of GDPR?’ then it is important to remember that in order to be in breach of the law, the email address in question needs to fall into one of two categories:
- A personal email address, for example Gmail, Outlook or Yahoo
- A company or work address that contains a personal identifier, i.e., firstname.lastname@example.org
If you happen to own or oversee any general submission addresses such as ‘hello@’ or ‘info@’, revealing one of these is not considered a breach of GDPR as they are considered public knowledge.
Is revealing my email address a breach of GDPR?
In order to be considered a breach of GDPR, an email in one of the two categories detailed above, must be shared without your prior knowledge or express permission. This could result in unwanted marketing emails, or targeted scams.
It is fairly common practice for organisations, for example an online retailer, to seek consent before sharing your email address with partners. If said consent is granted, then any sharing and subsequent contact would not necessarily constitute a breach.
When can an email be shared?
Despite the GDPR’s definition and strengthening of laws surrounding email addresses, there are circumstances where sharing such information is legal. For example, when:
- You grant consent to do so
- A third party needs to, in order to fulfil a contract with you
- They need to in order to comply with the law
- There is a threat to your or someone else’s life or personal safety
- They are acting in the public interest
- They have legitimate business interests
How can my email address be breached?
There are several ways in which your email address can be shared. In April 2022 The Guardian reported on an incident in which the email addressed were mistakenly copied into an email circulated by the Home Office’s visa service to update users on a change in appointment time.
Other ways in which an email address could be shared without consent or knowledge could be;
- Incorrect use of the ‘BCC’ or Blind Carbon Copy function. BCC allows the sender to send the same message to multiple recipients, while preventing them from seeing which other email addresses have been contacted. ‘CC’ or Carbon Copy on the other hand, makes that information available to everyone in the email chain.
- Other instances of human error, which may be something as simple as typing an email address incorrectly, thereby forwarding your information to a third party, or else perhaps forwarding an email on without taking adequate care to remove any personally identifiable information (PII).
- There could of course be more malicious motives, a targeted mailing-list hack for example, or someone deliberately sharing or misusing information from inside, or indeed outside, a given organisation.
What to do if your email address has been shared without your permission
In the first instance, it is worth contacting the organisation or individual responsible for holding, and thereby safeguarding, your information to enquire about the cause and extent of the breach. You may find it worthwhile to remind the third party in question of their responsibilities with regards PII, and of their obligation to assist the affected parties in their enquiries.
In the event that the responsible party is unresponsive, or that their responses are unsatisfactory, you may wish to escalate proceedings by registering a complaint with the Information Commissioner’s Office (ICO) within three months of final correspondence. They may choose to aid you by investigating your claim independently, however, they can not help you obtain compensation for the breach. To obtain compensation for a data breach, you should get in touch with an expert data breach solicitor, such as HNK Solicitors. A data breach solicitor can help you make a claim and ensure you receive the compensation you are entitled to.
Can I claim compensation if someone has breached my email address?
As with any compensation claim, the specifics of your case would have to be investigated thoroughly by a legal representative to assess the strength of your claim before taking it forward.
A compensation claim relating to the GDPR would be contingent on being able to prove the following three criteria have been met:
- There has been a breach of your personal data
- There has been some element of wrongdoing on the part of a third party
- The breach has had some manner of negative impact, whether emotional, financial or both
HNK Solicitors can help with your data breach compensation claim
If you believe you have been the victim of a GDPR data breach, get in touch with HNK Solicitors today. Email us at email@example.com, give us a call on 0151 668 0813 or fill in the enquiry form on our website and one of our advisors will be in touch. We are experts in the field of data breach claims and can help you to get the compensation you deserve.
We offer a no-win, no-fee service which means you don’t have to pay a penny upfront to start your claim. Contact us today to organise a free consultation where we will assess the details of your case and be able to inform you if you’re entitled to make a claim.