Good news for businesses when it comes to personal data (but do not get complacent)
17th November 2021 by Edwina Bones
The world of data protection can be daunting for many businesses, and even a cause of stress and anxiety for some. The highly anticipated case of Lloyd v Google LLC [2021] UKSC 50 however will be welcome news for any organisation that collects, stores or otherwise uses personal data (i.e. virtually every business).
By way of background, Mr Lloyd sought to bring a group claim on behalf of millions of users against Google after advertising tracking cookies were set on their devices without their consent. Google was successful in the first instance, lost at the Court of Appeal and have now won their case at the Supreme Court.
The court rejected the claim that data subjects affected by a data breach are entitled to compensation where they have only suffered a loss of control over their personal data, and determined that compensation for a data protection breach can only be granted if the individual has suffered some form of material damage (such as financial loss) or distress. This reflects the wording set out in the Data Protection Act 1998.
Even if such a claim could be bought against a data controller, the judgment held that the impact upon each individual had to be assessed on a case by case basis and so it would not have been possible to bring this action by way of a group claim. In other words, it was held that it would not be possible to make a ‘one size fits all’ decision as to how a data protection breach impacts a group of individuals.
Whilst the judgment assesses the rights of an individuals under the Data Protection Act 1998 rather than current legislation, the latter is worded in fundamentally similar terms and so it is very likely that the same approach would have been applied.
This ruling should offer some comfort to businesses who, despite taking all reasonable steps to ensure that they are complying with data protection legislation, occasionally make a trivial error. It should not lead them to become complacent however, as data protection continues to be an area of law that is vigorously upheld. Organisations may still be subject to claims if they are not taking steps to comply and an individual is materially impacted as a result. The above will no doubt offer some reassurance to data protection officers, but compliance still remains to be as important as ever.
If you have any questions about data protection compliance please contact Edwina Bones at e.bones@laceyssolicitors.co.uk or on 01202 377800. If you have any queries regarding issuing or defending a data protection claim please contact Brendan Herbert at b.herbert@laceyssolicitors.co.uk or on 01202 377800.
Edwina Bones
Senior Associate — Corporate and Commercial
Direct dial: 01202 377824
Edwina has returned to Laceys after working for Womble Bond Dickinson in Southampton and is a Senior Associate within our Corporate and Commercial team. Edwina specialises in commercial contracts, intellectual property and charity law and has experience in drafting, negotiating and advising on a variety of agreements. Since qualifying in 2011, she has advised a range of businesses in various sectors. This includes a secondment working in-house for a well-known multi-national retailer.
Edwina has been listed in the Legal 500 as having an “incredible knowledge and a drive to do things right’. She enjoys getting to know a client’s business in order that she can provide tailored, practical advice.
Outside of work Edwina enjoys practising yoga, walking her energetic Labrador in the beautiful Dorset countryside and generally keeping active as well as spending quality time with her family and friends.
Related articles
Vespero. Scotland’s first ‘tequila’ launched – but there’s a sour twist…
Many of us remember the Tequila song, assuring us that tequila makes us happy (at least until...
What’s the latest for AI and data protection?
AI is slowly becoming a part of our lives whether we have stopped to think of it...