A Collection is a selection of features, articles, comments and opinions on any given theme or topic. It allows you to stay up‑to‑date with what interests you most.
Login here to access your saved articles and followed authors.
We have sent you an email so you can reset your password.
Sorry, we had a problem.
Tags related to this article
Published 27 August 2021
The High Court has handed down judgment in Warren v DSG Retail Ltd  EWHC 2168 (QB) providing much needed clarity on claims against data controllers where data has been exposed as a result of the unlawful actions of third parties.
The Claimant brought a low-value claim against DSG Retail Ltd ("DSG") following an incident in which cybercriminals compromised the personal data of DSG's customers. The Claimant alleged breach of data protection principles, negligence, breach of confidence and misuse of private information. We note that there was no claim for financial loss or personal injury and damages were only sought in respect of distress.
The Defendant successfully applied for summary judgment and/or an order striking out all causes of action save for the claim for breach of statutory data protection principles.
The Court held that:
Due to the low value nature of these type of data claims, they typically settle prior to proceedings being issued, resulting in little guidance being provided by the High Court. In light of the decision in Warren v DSG, it now seems clear that the High Court will strike out claims which attempt to shoehorn the facts of an alleged data breach into various other causes of action. Claimants alleging a breach of their data rights arising out of a hacking incident should therefore take note and narrow the issues in dispute before engaging with the other side.
The decision will be welcomed by defendants due to the potential costs implications arising out of the dismissal of both the breach of confidence and misuse of private information claims. Claimants in low value data claims often purchase ATE insurance as costs protection, sometimes as soon as instructing solicitors. Whilst ATE premiums are typically not recoverable in data protection claims, they can be recoverable for Misuse of Private Information and Breach of Confidence claims. By pleading both of these causes of action alongside their data claims, claimants try to manoeuvre Defendants into factoring in their ATE premiums when assessing costs liability for settlement.
Going forward, claimants will need to carefully consider whether it is cost effective to purchase ATE insurance ahead of bringing a low value claim for breach of data rights - particularly where the breach occurred due to a hacking incident.
+44(0)117 918 2697
+44(0)117 918 2265
Patrick Hill, Hans Allnutt, Eleanor Ludlam
Eleanor Ludlam, Ornela Markaj
Rowena McCormack, Charlotte Burke
Pilar Rodríguez, Diego Zapatero Méndez, Astrid Hardy, Diana Lopez