Victoria Leigh

On 10 November 2021, the UK Supreme Court unanimously rejected Mr Richard Lloyd’s attempt to bring representative proceedings against Google. Styled by the Court of Appeal as a champion of consumer protection, Mr Lloyd sought damages for approximately 4 million Apple iPhone users under section 13 of the Data Protection Act 1998 (“the DPA 1998”) after the unlawful processing of their data. He had suggested uniform damages at £750 per user, which would have landed Google with a bill for £3 billion.
Continue Reading Google LLC v Lloyd – Major Representative Action Denied

2021 was a busy year for UK data litigators as courts got their teeth into some key issues in this developing area. One area of particular focus was how English law approaches the ‘minor’ or ‘inadvertent’ data breach. Such incidents can easily arise; an email copied to the wrong person, usually swiftly deleted, is a

Over the past few years, there has been an increasing number of claims against businesses and public bodies for distress caused by data breaches. The pattern is, by now, a familiar one. A claimant will make a claim for breach of data protection legislation, seeking damages at a relatively low value for the distress and anxiety they say has been caused by the data breach. This claim will be accompanied by claims for one or more of: misuse of private information, breach of confidence and negligence. Added on to the damages claimed will be the legal costs of the claimant’s lawyers, together with the after-the-event (“ATE”) insurance premium for the policy the claimant will have procured to bring a privacy claim. As a result, the defendant is faced with a difficult decision – pay over the odds for a claim where the claimant has suffered no financial loss, or fight litigation with the risk of mounting costs on both sides if the decision goes against them.

Following a cyber-attack in 2017 and 2018, this is the situation that faced DSG Retail Limited (“DSG”), and which has led to an important judgment for these data breach claims, Warren v DSG Retail Ltd [2021] EWHC 2168 (QB).
Continue Reading Narrowing the Scope of Data Breach Claims? – Warren v DSG Retail Ltd

This summer the ICO has issued significant fines in relation to high profile data breaches since acquiring its new “GDPR charged” powers. With less publicity, but nonetheless important given the increasing awareness of the rights of data subjects to claim damages for breaches of data protection legislation, the Ministry of Justice has recently announced that there are going to be some changes to the Civil Procedure Rules (“CPR”) from 1 October 2019 onwards as regards privacy and data protection claims. Court Rules dealing with defamation cases (CPR Part 53 and the related pre-action protocol) will be amended such that they will also become applicable to any case that includes a claim for misuse of private information, data protection or harassment by publication.
Continue Reading UK Ministry of Justice Announces Changes Regarding Privacy and Data Protection Claims