A Collection is a selection of features, articles, comments and opinions on any given theme or topic. It allows you to stay up‑to‑date with what interests you most.
Login here to access your saved articles and followed authors.
We have sent you an email so you can reset your password.
Sorry, we had a problem.
Tags related to this article
Published 29 November 2021
The last month has seen significant decisions in the world of data breaches which will be welcomed by the legal profession and their insurers.
The first decision of Lloyd v Google LLC  UKSC 50 must be one of the most publicised cases of recent times.
On 10 November 2021, the Supreme Court held that in order for a claim for compensation to succeed under Section 13 Of the Data Protection Act 1998 (the ‘Act’), a Claimant must demonstrate more than a mere breach of the Act, but also that damage has been suffered. There is no automatic right to compensation. The damage suffered must be material damage.
In order to assess compensation under section 13, it would be necessary to consider matters such as what period of time Google tracked individuals, the quantity and nature of data captured, how that data was used and what commercial benefit there was to Google in processing it. In the absence of any evidence of any of these matters, it was held that an individual is not entitled to compensation.
Hot off the coattails of the above case, we acted for the successful Defendant in Johnson v Eastlight Community Homes Ltd  EWHC 3069 (QB) in which a claim was struck out by the High Court’s Media and Communications Section.
In this case, the Defendant mistakenly sent a compilation of rent statements relating to a number of its customers to a third party by e-mail which included the Claimant’s personal information. The Defendant faced a claim for damages for a number of breaches including the misuse of private information, breach of confidence and breaches under the ECHR and GDPR.
Master Thornett struck out all claims save for the GDPR claim and directed that the remaining claim be dealt with in the appropriate forum, the County Court, on the basis that it had “all the hallmarks of a Small Claims Track claim that should have been issued in the County Court and so allocated”. Master Thornett made it clear that the “lure of adopting a more elaborate and more expensive approach just because the subject matter can so permit is simply unacceptable”.
As a consequence, the High Court has given a clear decision that breach of confidence, misuse of private information and other causes of actions that are advanced in low-value data breach claims are simply collateral to a GDPR claim, are likely to obstruct the just disposal of proceedings, and take up a disproportionate and unreasonable amount of Court time and costs. The High Court’s direction is that claims such as these ought to be allocated to the Small Claims Track in the County Court. The fixed costs regime of the Small Claims Track ought to, therefore, apply to any similar data breach claim.
This decision, therefore, drastically reduces the cost exposure faced by defendants in low-value data breach claims. At the same time, it still preserves access to justice and the right for claimants to pursue a remedy from the Court, albeit within the confines of the Small Claims Track. All organisations, not only solicitor firms facing similar low value claims will welcome this finding.
+ 44 (0)1633 657682
London - Walbrook
+44 (0) 20 7894 6925
+44 (0)117 918 2743
Clare Hughes-Williams, Naomi Park
Clare Hughes-Williams, Tom Bedford
Hannah Gregory, Martin Langley
Justin Tivey, Clare Hughes-Williams
Astrid Hardy, Parminder Badhan, Phil Murrin
Sophie Ruffles, Catrin Davies
Mark Healing, Phil Murrin
James Hazlett, Suzanne Wharton
Gill Burnett, Paul Davison
Catrin Davies, Phil Murrin, Amy Harris