In the latest issue:

Real Men Go to Tehran

Adam Shatz

What Trump doesn’t know about Iran

Patrick Cockburn

Kaiser Karl V

Thomas Penn

The Hostile Environment

Catherine Hall

Social Mobilities

Adam Swift

Short Cuts: So much for England

Tariq Ali

What the jihadis left behind

Nelly Lahoud

Ray Strachey

Francesca Wade

C.J. Sansom

Malcolm Gaskill

At the British Museum: ‘Troy: Myth and Reality’

James Davidson

Poem: ‘The Lion Tree’

Jamie McKendrick


Jenny Turner

Boys in Motion

Nicholas Penny

Jia Tolentino

Lauren Oyler

Diary: What really happened in Yancheng?

Long Ling

The Journalistic ExemptionJo Glanville

Terms and Conditions

These terms and conditions of use refer to the London Review of Books and the London Review Bookshop website ( — hereafter ‘LRB Website’). These terms and conditions apply to all users of the LRB Website ("you"), including individual subscribers to the print edition of the LRB who wish to take advantage of our free 'subscriber only' access to archived material ("individual users") and users who are authorised to access the LRB Website by subscribing institutions ("institutional users").

Each time you use the LRB Website you signify your acceptance of these terms and conditions. If you do not agree, or are not comfortable with any part of this document, your only remedy is not to use the LRB Website.

  1. By registering for access to the LRB Website and/or entering the LRB Website by whatever route of access, you agree to be bound by the terms and conditions currently prevailing.
  2. The London Review of Books ("LRB") reserves the right to change these terms and conditions at any time and you should check for any alterations regularly. Continued usage of the LRB Website subsequent to a change in the terms and conditions constitutes acceptance of the current terms and conditions.
  3. The terms and conditions of any subscription agreements which educational and other institutions have entered into with the LRB apply in addition to these terms and conditions.
  4. You undertake to indemnify the LRB fully for all losses damages and costs incurred as a result of your breaching these terms and conditions.
  5. The information you supply on registration to the LRB Website shall be accurate and complete. You will notify the LRB promptly of any changes of relevant details by emailing the registrar. You will not assist a non-registered person to gain access to the LRB Website by supplying them with your password. In the event that the LRB considers that you have breached the requirements governing registration, that you are in breach of these terms and conditions or that your or your institution's subscription to the LRB lapses, your registration to the LRB Website will be terminated.
  6. Each individual subscriber to the LRB (whether a person or organisation) is entitled to the registration of one person to use the 'subscriber only' content on the web site. This user is an 'individual user'.
  7. The London Review of Books operates a ‘no questions asked’ cancellation policy in accordance with UK legislation. Please contact us to cancel your subscription and receive a full refund for the cost of all unposted issues.
  8. Use of the 'subscriber only' content on the LRB Website is strictly for the personal use of each individual user who may read the content on the screen, download, store or print single copies for their own personal private non-commercial use only, and is not to be made available to or used by any other person for any purpose.
  9. Each institution which subscribes to the LRB is entitled to grant access to persons to register on and use the 'subscriber only' content on the web site under the terms and conditions of its subscription agreement with the LRB. These users are 'institutional users'.
  10. Each institutional user of the LRB may access and search the LRB database and view its entire contents, and may also reproduce insubstantial extracts from individual articles or other works in the database to which their institution's subscription provides access, including in academic assignments and theses, online and/or in print. All quotations must be credited to the author and the LRB. Institutional users are not permitted to reproduce any entire article or other work, or to make any commercial use of any LRB material (including sale, licensing or publication) without the LRB's prior written permission. Institutions may notify institutional users of any additional or different conditions of use which they have agreed with the LRB.
  11. Users may use any one computer to access the LRB web site 'subscriber only' content at any time, so long as that connection does not allow any other computer, networked or otherwise connected, to access 'subscriber only' content.
  12. The LRB Website and its contents are protected by copyright and other intellectual property rights. You acknowledge that all intellectual property rights including copyright in the LRB Website and its contents belong to or have been licensed to the LRB or are otherwise used by the LRB as permitted by applicable law.
  13. All intellectual property rights in articles, reviews and essays originally published in the print edition of the LRB and subsequently included on the LRB Website belong to or have been licensed to the LRB. This material is made available to you for use as set out in paragraph 8 (if you are an individual user) or paragraph 10 (if you are an institutional user) only. Save for such permitted use, you may not download, store, disseminate, republish, post, reproduce, translate or adapt such material in whole or in part in any form without the prior written permission of the LRB. To obtain such permission and the terms and conditions applying, contact the Rights and Permissions department.
  14. All intellectual property rights in images on the LRB Website are owned by the LRB except where another copyright holder is specifically attributed or credited. Save for such material taken for permitted use set out above, you may not download, store, disseminate, republish, post, reproduce, translate or adapt LRB’s images in whole or in part in any form without the prior written permission of the LRB. To obtain such permission and the terms and conditions applying, contact the Rights and Permissions department. Where another copyright holder is specifically attributed or credited you may not download, store, disseminate, republish, reproduce or translate such images in whole or in part in any form without the prior written permission of the copyright holder. The LRB will not undertake to supply contact details of any attributed or credited copyright holder.
  15. The LRB Website is provided on an 'as is' basis and the LRB gives no warranty that the LRB Website will be accessible by any particular browser, operating system or device.
  16. The LRB makes no express or implied representation and gives no warranty of any kind in relation to any content available on the LRB Website including as to the accuracy or reliability of any information either in its articles, essays and reviews or in the letters printed in its letter page or material supplied by third parties. The LRB excludes to the fullest extent permitted by law all liability of any kind (including liability for any losses, damages or costs) arising from the publication of any materials on the LRB Website or incurred as a consequence of using or relying on such materials.
  17. The LRB excludes to the fullest extent permitted by law all liability of any kind (including liability for any losses, damages or costs) for any legal or other consequences (including infringement of third party rights) of any links made to the LRB Website.
  18. The LRB is not responsible for the content of any material you encounter after leaving the LRB Website site via a link in it or otherwise. The LRB gives no warranty as to the accuracy or reliability of any such material and to the fullest extent permitted by law excludes all liability that may arise in respect of or as a consequence of using or relying on such material.
  19. This site may be used only for lawful purposes and in a manner which does not infringe the rights of, or restrict the use and enjoyment of the site by, any third party. In the event of a chat room, message board, forum and/or news group being set up on the LRB Website, the LRB will not undertake to monitor any material supplied and will give no warranty as to its accuracy, reliability, originality or decency. By posting any material you agree that you are solely responsible for ensuring that it is accurate and not obscene, defamatory, plagiarised or in breach of copyright, confidentiality or any other right of any person, and you undertake to indemnify the LRB against all claims, losses, damages and costs incurred in consequence of your posting of such material. The LRB will reserve the right to remove any such material posted at any time and without notice or explanation. The LRB will reserve the right to disclose the provenance of such material, republish it in any form it deems fit or edit or censor it. The LRB will reserve the right to terminate the registration of any person it considers to abuse access to any chat room, message board, forum or news group provided by the LRB.
  20. Any e-mail services supplied via the LRB Website are subject to these terms and conditions.
  21. You will not knowingly transmit any virus, malware, trojan or other harmful matter to the LRB Website. The LRB gives no warranty that the LRB Website is free from contaminating matter, viruses or other malicious software and to the fullest extent permitted by law disclaims all liability of any kind including liability for any damages, losses or costs resulting from damage to your computer or other property arising from access to the LRB Website, use of it or downloading material from it.
  22. The LRB does not warrant that the use of the LRB Website will be uninterrupted, and disclaims all liability to the fullest extent permitted by law for any damages, losses or costs incurred as a result of access to the LRB Website being interrupted, modified or discontinued.
  23. The LRB Website contains advertisements and promotional links to websites and other resources operated by third parties. While we would never knowingly link to a site which we believed to be trading in bad faith, the LRB makes no express or implied representations or warranties of any kind in respect of any third party websites or resources or their contents, and we take no responsibility for the content, privacy practices, goods or services offered by these websites and resources. The LRB excludes to the fullest extent permitted by law all liability for any damages or losses arising from access to such websites and resources. Any transaction effected with such a third party contacted via the LRB Website are subject to the terms and conditions imposed by the third party involved and the LRB accepts no responsibility or liability resulting from such transactions.
  24. The LRB disclaims liability to the fullest extent permitted by law for any damages, losses or costs incurred for unauthorised access or alterations of transmissions or data by third parties as consequence of visit to the LRB Website.
  25. While 'subscriber only' content on the LRB Website is currently provided free to subscribers to the print edition of the LRB, the LRB reserves the right to impose a charge for access to some or all areas of the LRB Website without notice.
  26. These terms and conditions are governed by and will be interpreted in accordance with English law and any disputes relating to these terms and conditions will be subject to the non-exclusive jurisdiction of the courts of England and Wales.
  27. The various provisions of these terms and conditions are severable and if any provision is held to be invalid or unenforceable by any court of competent jurisdiction then such invalidity or unenforceability shall not affect the remaining provisions.
  28. If these terms and conditions are not accepted in full, use of the LRB Website must be terminated immediately.
Vol. 40 No. 13 · 5 July 2018

The Journalistic Exemption

Jo Glanville writes about the Data Protection Act

When​ the first Data Protection Act was passed in 1984, it was estimated that there were 200,000 computers in the UK holding personal data, defined in the legislation as information relating to a living individual that could identify them. The Act stipulated that any computer holding such data would have to be registered by a newly appointed data protection registrar. When Parliament was asked to agree the registrar’s salary, the MP for Wrexham remarked that £35,000 was a lot of money: ‘I doubt whether many people are worth that much.’ Today, his successor, the information commissioner, is paid £180,000 a year, more than the prime minister, and we are way past the point of being able to count, let alone attempt to register, all the computers, apps and storage systems that hold personal data. The new Data Protection Act passed in May defines personal data as any information relating to an identified or identifiable living individual; as well as our names, addresses and dates of birth, this now includes markers of our digital identities, such as IP addresses and biometric data. The new legislation brings into law the General Data Protection Regulation (GDPR) that came into force across the EU in May.

GDPR replaces the Data Protection Directive 1995, which was the first attempt to harmonise EU law in this area. Data controllers, who decide the purposes for which and manner in which people’s personal data will be used, and data processors, who deal with the data – collect it, store it, amend it, implement its use – on behalf of the controller, must observe certain principles. Among other things, the data they control and process ‘must be accurate and, where necessary, kept up to date’; it must be ‘adequate, relevant and limited to what is necessary’ to the purpose for which it is used; it must be ‘kept in a form which permits identification of data subjects for no longer than is necessary’. Consent, transparency and accountability are the watchwords, and the threshold is especially high for categories of data classed as ‘sensitive’: a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs; whether or not they belong to a trade union; their health records and details of their sex lives. Unlike the 1995 directive, GDPR is legally binding. Not only do we now have to ‘opt in’, to give explicit consent for the use of our data (no more ending up on mailing lists because you didn’t notice the opt-out box), but both data controllers and processors will be liable to fines for breaches. (The Data Protection Act makes company directors personally liable: EU member states were allowed to determine the penalties under the GDPR.) The maximum fine in the UK used to be £500,000 (the Crown Prosecution Service was fined £325,000 in May for losing unencrypted DVDs containing recordings of police interviews), but under GDPR it will be €20 million, or 4 per cent of annual worldwide turnover, whichever is higher.

The Facebook-Cambridge Analytica scandal was a reminder, were it needed, of how easily our data can be obtained and misused. It is vulnerable to companies, hackers, blaggers, the media, advertisers, public authorities, the intelligence services and the police. The new legislation gives us, in our parallel identity as ‘data subjects’, extensive control over our personal information. Following the introduction of the ‘right to be forgotten’ by the Court of Justice of the European Union in the Google Spain case of 2014, GDPR also enshrines the right to demand the erasure of personal data; if a request is upheld, the data controller will have to ensure that third parties with whom they have shared it delete it too. But such rights come at a price. There are concerns about the consequences for freedom of expression.

Personal information and human stories are the raw material of journalism. The right to privacy is often in tension with journalistic inquiry. But in recent years there have been several cases, brought into the spotlight by the Leveson Inquiry, where journalists’ acquisition and use of personal data has been in outright violation of the law. In 2003 the Information Commissioner’s Office (ICO) carried out Operation Motorman, which uncovered an extensive illegal trade in confidential personal data. The main player was a private investigator Steve Whittamore, who had access through his contacts to DVLA records and BT accounts, and had supplied information to 305 journalists – the Observer, the Daily Mirror and the Daily Mail were among the newspapers that used his services. In March this year, the self-confessed blagger turned whistleblower John Ford revealed the tactics he had used over a period of 15 years up to 2010 to obtain information illegally for newspapers; on one occasion he impersonated William Hague on the phone to get access to his bank account. Many believe that such malpractice continues.

But the new laws are not intended to impede the business of legitimate daily journalism. The Data Protection Act recognises the ‘special importance of the public interest in the freedom of expression and information’, and allows exemptions for journalistic, literary, artistic and academic expression where data is processed with a view to publication, where there is a reasonable belief that publication is in the public interest and that compliance would be ‘incompatible with the special purposes’. At the same time, the Act makes no distinction between personal and private data, between information that many of us might reveal in the course of our daily lives and the most intimate details that we might only share with our partner or doctor. In its guidelines for journalists (due to be replaced by a statutory code), the ICO states that ‘anything about a person can be personal data, even if it is innocuous or widely known.’ That might include a person’s job, education, the town they live in and the organisations they belong to.

The strength of the journalistic exemption has yet to be properly tested in litigation. ‘That can pose difficulties,’ according to Nicola Cain, a leading media lawyer ‘both prior to publication and when faced with a complaint, as the boundaries may be unclear, especially to those who are unfamiliar with the area.’ The very lack of certainty, in other words, might have a chilling effect. Over the past few years, data protection claims against the media have increased. It appears that they are being deployed as a new form of reputation management: there is no time limitation on claims, no defence for truth or honest opinion, and no requirement to demonstrate serious harm, as there is with libel. Every stage in the practice of journalism is potentially vulnerable to challenge under data protection laws – from researching a story to maintaining archives. Challenges can range from a request that a wedding announcement be removed (this is an actual instance), not because it was inaccurate, but simply because one of the parties no longer wished it to be public, to a ‘subject access request’ for all the information that a newspaper holds about an individual. ‘It can be used to seize up an organisation, halt you and distract you,’ one lawyer said to me. In another recent instance, an individual asked that their name be removed from a story in which they were identified. The story itself was of substantial public interest, but the newspaper found it hard to argue that the reference to the individual was itself in the public interest, since they were incidental to the story, included primarily to add context and colour. One media lawyer told me that newspapers often now self-censor rather than risk potentially costly legal battles; some are reassessing the limits of public interest and the parameters of reporting.

Lord Leveson proposed significantly limiting the scope of the exemption for journalism and giving the information commissioner stronger enforcement powers. Conducted in the long wake of his inquiry, the passage through Parliament of the new Data Protection Act became the occasion for further battles over press regulation. The Lords made two attempts to vote through costs provisions that would have severely penalised media organisations prosecuted for data protection violations – even if they ended up winning the case – if they weren’t signed up to a recognised regulator. They also voted for an inquiry into unlawful data processing and other improper conduct by news publishers. (The inquiry was rejected in the Commons by a narrow majority, while the costs provisions were ultimately withdrawn from the bill.) An earlier draft of the bill dropped an extension to the role of the information commissioner: there were concerns that the commissioner would acquire the power to censor articles before publication. In the last stages before the bill was passed, the government made concessions – including a five-yearly review by the ICO of media compliance with data protection laws and a report by the secretary of state every three years on the effectiveness of the press’s procedures for alternative dispute resolution – which once again raised concerns about the potential for state interference in the regulation of the media.

Archives​ are vulnerable. A newspaper report, for example, that may have been of significant public interest when it was published ten years ago might be open to challenge regarding its continuing relevance, accuracy or public interest. The government has given assurances that archives will be protected, but the Data Protection Act leaves room for doubt: the exemptions made may not apply to material that is likely to cause data subjects ‘substantial damage or substantial distress’.

In 2008 Max Mosley took the News of the World to court for invading his privacy after the newspaper published photographs – and, online, video footage – from a sex party it had secretly filmed, and which it described in the accompanying story as a Nazi orgy. The court awarded Mosley unprecedented damages of £60,000, having found no evidence to support the paper’s allegation that the party had a Nazi theme (the NoW had given this as the basis of its claim that the story was in the public interest). The same year, Mosley went to the European Court of Human Rights arguing that the media should have to give advance notice when they intend to publish stories about people’s private lives – the case was rejected. And in February this year, Mosley sought the removal of stories referring to the party from the online archives of the Daily Mail, the Daily Mirror, the Sun and the Times. The now notorious story has been so widely reported and referred to that it would be all but impossible to wipe from the public domain. The irony is that Mosley’s pursuit of the press over the past decade has ensured not only that the News of the World’s story remains in the news, but that it is now of greater public interest than when it was first published.

Mosley has also taken issue with reports that he has personally financed and exerts influence on the press regulator Impress, an independent body set up in the wake of the Leveson Inquiry and the first to be recognised under the Royal Charter. It has 106 members – Ipso, the dominant, industry-funded regulator, has 1500 – and no national newspaper has joined. Impress has underlined the importance of placing a firewall between itself and its donors to guarantee its independence. It is funded by the Independent Press Regulation Trust, whose donations come solely from the Alexander Mosley Charitable Trust. The News Media Association is currently challenging the state-backed recognition of Impress in the Court of Appeal (after losing in the High Court last year); it’s the latest stage in a face-off between the media and the press regulation lobby represented by Hacked Off, which is taking the government to court this autumn over its decision to cancel the second part of the Leveson Inquiry.

Perhaps the most significant of Mosley’s legal successes have been in the suits he brought against Google in the French and German courts to prevent it returning search results in those countries linking to the photographs published by the News of the World. Many categories of online content are not covered by the exemptions for freedom of expression under GDPR, including search engine indexing (the service provided by Google and others that answers our searches for information), social networking, general self-expression by individuals, evaluation sites and rating sites. Daphne Keller of Stanford Law School has warned that the ambiguity of the law on these matters will lead to the censorship of legitimate content. Data subjects can, for example, require controllers to restrict access to online content by making an allegation of its inaccuracy, even before it has been determined whether or not their claim is valid. Data protection law is, as Keller sees it, ‘a powerful new tool for abusive claimants to hide information from the public’.

Google, in its most recent transparency report, recorded that since the ‘right to be forgotten’ case in 2014, it has received requests that it delist more than 2.5 million URLs. It has accepted and acted on 44 per cent of these requests; 18 per cent of the URLs delisted since January 2016 are categorised as news. Earlier this year, Google tried (and failed) to take advantage of the journalistic exemption in its argument at the first ‘right to be forgotten’ case to be heard in the UK. The media is concerned that claimants will be able to bypass the protections for journalism by getting Google to delist stories that may be of public interest. While Google informs the media of stories that will be delisted, it does not provide the grounds of the complaint; the original publisher isn’t informed when delisting claims against Google are heard by the ICO.

Newspapers are already reporting a rise in requests for the removal of content since the passage of the new legislation. It is now nearly a decade since the European Commission launched its data protection strategy, but it is the courts that will have to continue to weigh the balance between privacy and freedom of expression. Meanwhile, the government is committed to retaining the principles of GDPR after Brexit, but that hasn’t stopped the Home Affairs Select Committee issuing an alarming report detailing the potential for problems after we leave the EU. Certain items in the Data Protection Act, among them an exemption that may deny individuals access to Home Office data on their immigration cases, may not meet EU standards. The failure to include the EU Charter of Fundamental Rights in the withdrawal bill is likely to affect not only data protection but other essential rights too. Freedom of expression may turn out to be the least of our worries.

Send Letters To:

The Editor
London Review of Books,
28 Little Russell Street
London, WC1A 2HN

Please include name, address, and a telephone number.

Read anywhere with the London Review of Books app, available now from the App Store for Apple devices, Google Play for Android devices and Amazon for your Kindle Fire.

Sign up to our newsletter

For highlights from the latest issue, our archive and the blog, as well as news, events and exclusive promotions.