Data Protection Act 1998

On 10 November 2021, the UK Supreme Court unanimously rejected Mr Richard Lloyd’s attempt to bring representative proceedings against Google. Styled by the Court of Appeal as a champion of consumer protection, Mr Lloyd sought damages for approximately 4 million Apple IPhone users under section 13 of the Data Protection Act 1998 (“the DPA 1998”) after the unlawful processing of their data. He had suggested uniform damages at £750 per user which would have landed Google with a bill for £3 billion.
Continue Reading Google LLC v Lloyd – Major Representative Action Denied

Data ProtectionOver the past few years, there has been an increasing number of claims against businesses and public bodies for distress caused by data breaches. The pattern is, by now, a familiar one. A claimant will make a claim for breach of data protection legislation, seeking damages at a relatively low value for the distress and anxiety they say has been caused by the data breach. This claim will be accompanied by claims for one or more of: misuse of private information, breach of confidence and negligence. Added on to the damages claimed will be the legal costs of the claimant’s lawyers, together with the after-the-event (“ATE”) insurance premium for the policy the claimant will have procured to bring a privacy claim. As a result, the defendant is faced with a difficult decision – pay over the odds for a claim where the claimant has suffered no financial loss, or fight litigation with the risk of mounting costs on both sides if the decision goes against them.

Following a cyber-attack in 2017 and 2018, this is the situation that faced DSG Retail Limited (“DSG”), and which has led to an important judgment for these data breach claims, Warren v DSG Retail Ltd [2021] EWHC 2168 (QB).
Continue Reading Narrowing the Scope of Data Breach Claims? – Warren v DSG Retail Ltd