enquiries@hnksolicitors.com
Mon-Thu 09:00-19:00 | Fri 09:00-17:00

What constitutes misuse of data?

Everyday we use technology, from social media to downloading apps, we’re agreeing to the provider’s use of our data. But it can often be hard to understand what constitutes misuse of data, like when or how they can use our data, since the ‘terms of use’ are often dense and challenging to process.

However, they do have their role in explaining exactly how our data is processed and how it can be used. There are three ways in which data is typically used: it can be aggregated and analysed to provide us with personalised ad experiences; logged and assessed for research purposes; and sold to data broker companies. Within each of these uses there are parameters for how our data can be handled, stored, and distributed.

Within the last two years our world has become more and more digital and with the work-from-home norm, it’s become more difficult for companies to enforce these parameters of personal data usage. Data misuse occurs when companies or individuals use the personal data for reasons beyond the stated intensions. Oftentimes this can be a misstep on behalf of an individual or third-party partner, and not always an intentional action of the company. So, what constitutes misuse of data?

Woman in street looks at her phone with face pixelated for blog about What constitutes misuse of data?

What constitutes misuse of data?

To clarify, data misuse is not theft. It is when legitimately collected personal information is used for a reason other than its intended purpose. Data misuse is not a malicious attack on your privacy but more of a negligence within the data processing of the company. Data misuse can typically fall into three categories: commingling, personal benefit, and ambiguity.

Commingling is when the data collected for a specific reason is later used for a different purpose. Sharing data between sister companies, or using data collected for academic research to be reapplied for marketing purposes are two of the most common commingling examples. This is due to ease of access, business owners can often misunderstand that since they collected the data, they can use it at their own discretion.

Personal Benefit is when someone with access to the personal information abuses it for their own gain. However, these instances are rarely actioned with malicious intent and tend to happen when employees move data onto personal devices for ease of access.

Ambiguity is when companies fail to explicitly convey the reasons for their data collection and what the data will be used for in accessible language. Sometimes companies may do this as they’re unsure themselves how they would like to use the customer data but still want to collect it. However, this leaves their terms of use open to interpretation and gives the company free reign to use the personal data however they like.

Examples of data misuse

Data misuse can affect millions of people and have devastating consequences for companies, and in larger cases it can cost billions in fines. Not including settlements and ransomware attacks. There have been several high-profile instances of data misuse in recent years, and these are just some examples of data misuse.

First up is probably one of the most well-known data scandals in recent times. The Cambridge Analytica case began when users signed up to an app called “This Is Your Digital Life” which was a survey of questions to build a psychological profile of users. The app also collected data on the Facebook friend’s list of those who signed up, without their consent.

The 2018 scandal involved nearly 87 million Facebook users’ data being shared for marketing purposes and cost the company a $5 billion fine. Cambridge Analytica filed for bankruptcy soon after.

In 2019, Twitter accidentally gave access of its users’ personal data to advertisers which allowed them to target ads more specifically. The bug meant that Tailored Audiences advertisers could access Twitter users’ phone numbers and email addresses, they could then cross-reference their own database to identify shared customers and offer targeted ads, without their permission.

In 2020, Google was fined almost $57 million by the French data protection authority for failing to acknowledge the way it used personal data. The collection consent was ambiguous as it wasn’t specific about how the data would be used, that the legal basis of processing data is for ads personalisation and not for the benefit of the company.

The General Data Protection Regulation (GDPR) states that users have the right to know whether their data is being processed, where it is stored, the purpose of its use and who it is shared with.

General Data Protection Regulation sign with padlock symbol and eu stars for blog about what constitutes misuse of data.

Can I claim compensation for misuse of data?

The Information Commissioner’s Office (ICO) states it cannot award compensation for misuse of data. However, reaching out for independent legal advice to create a claim can result in compensation. The amount of you can claim will depend on your specific circumstances, which is why we think it’s important you understand what constitutes misuse of data.

HNK can help you assess your case and advise you on what you may be entitled to. Our guide to data breach compensation payouts gives a detailed explanation of what you can claim for and how to make your claim. With a more in-depth guide on protecting your data and claiming Data Protection Act damages for distress.

Who can you make a data misuse claim against?

Claims can be made against any company or organisation who stores or processes your personal information. Any company or organisation using, storing or processing personal information must follow the rules of the Data Protection Act and the General Data Protection Regulation (GDPR) within the corresponding countries.

You can make a claim in accordance with the Data Protection Act for several reasons: financial losses, reputational damage, impact on current (or future) employment, inconvenience, and emotional distress.

Under the GDPR and DPA you can file a data breach claim if your personal information has been hacked, leaked, corrupted, lost, disclosed or misused. You can make a claim regardless of whether it was deliberate or due to negligence. However, the breach must have occurred within the last six years.

What to do if you have been the victim of data misuse

If you’re wondering what the process is for making a claim, we can break it down for you. First, you’ll want to work out what data is affected and what the organisation can do to help you. If they fail to give you compensation or repair the damage, you can report your case to the ICO before taking legal action. As mentioned previously, they cannot award compensation; however, they will investigate the matter and can fine the company on your behalf. Their findings can also help your case.

A data breach solicitor will then work on your behalf to reach the maximum GDPR compensation you are entitled to. This will not only include financial losses but also compensation for distress caused. Even if you have not suffered any financial loss, you can still make a claim for emotional damages caused by the data breach.

Man with laptop in background with GDPR graphics and internet symbols hovering in foreground for blog about what constitutes misuse of data.

How can HNK Solicitors help if I have been the victim of data misuse

Not only can HNK Solicitors help you file a complaint to the ICO and provide tailored advice, we can also help you get the compensation you deserve. We’ll work together to build your case. HNK have years of extensive experience securing compensation for victims of data misuse, you can read one of our recent data breach case studies here. We recognise the significant impacts a data breach can cause, and we can provide you with tailored, expert support to ensure you get the outcome you deserve.

We offer free consultations to discuss your case and assess the possibilities of court action. If we believe you may be entitled to compensation for both financial and emotional damage, we can take up your claim on a no-win, no-fee basis. If you have been the victim of a data breach, get in touch today. To arrange a consultation, you can simply fill out the form on our website to request a call back or you can call us on 0151 203 1104.

Related Posts

Get in touch

Fill out the below form and one of our advisors will get in touch to arrange a consultation about your claim.

Recent Articles

Police car lights at night time infront of lit up building
Your right to remain silent – what are UK Miranda Rights?
September 17, 2022
How do I make a complaint against the police?
September 16, 2022
How to Report a Breach of Data Protection
August 8, 2022
Call Us Claim Now