Court of Appeal decisions increase risk for businesses of Data Breach Claims - Kuits Solicitors Manchester
  • Insights
  • Court of Appeal decisions increase risk for businesses of Data Breach Claims

Court of Appeal decisions increase risk for businesses of Data Breach Claims

Court of Appeal decisions increase risk for businesses of Data Breach Claims

8th January 2021 - Published by Kuits Intellectual Property team

One of the areas in which we have seen a recent increase in litigation is in respect of claims for data protection breaches and the misuse of private information. The floodgates were opened to such claims by the case of ‘Vidal-Hall v Google Inc [2015] EWCA Civ 311′.  This case was brought by three individuals who claimed that Google, without their consent or knowledge, had obtained and recorded private information relating to them and their internet usage and provided that information to third party advertisers.

Previous cases

Prior to this case, a Claimant could only recover damages for distress if a financial loss could also be shown pursuant to Section 13(2) of the Data Protection Act 1998. However, the Court of Appeal disapplied section 13(2) and held that the requirement to have suffered financial loss was no longer required in order to be compensated for distress. This was a landmark decision; it opened the way for affected data subjects to claim damages for data protection breaches where they could not prove financial loss.

In October 2019 the Court of Appeal gave another important ruling in this area in the case of ‘Lloyd v Google [2019] EWCA Civ 1599′.  In this case, the Court held that damages are capable of being awarded for the loss of control of data, even if the Claimant does not show any financial loss or distress.  Although this case was brought under the old data protection regime (the Data Protection Act 1998), the new GDPR and Data Protection Act 2018 is likely to be interpreted in the same way. The removal of the requirement to prove damage opens the way for an increase in litigation and in particular, class actions. Google have appealed the decision and the appeal is due to be heard by the Supreme Court in April 2021.

What do these decisions mean?

The clear consequence of the Court’s decisions in these cases is that it makes it easier for Claimants to succeed in proceedings for data breaches. This in turn has led to a rise in litigation, with an increase in Claimant law firms and litigation funders becoming interested in this area. Claims are often funded by “no win, no fee” agreements backed by ATE (after the event) insurance policies.  This means that although the damages involved will generally be small, it will often be worth the Claimant bringing, or threatening to bring, a claim.

These developments in the law emphasise the need for businesses to focus on compliance with data protection legislation given the growing risk of litigation following a data breach or other breach of the GDPR.

Get in touch with an intellectual property solicitor in Manchester

If you would like advice on how to make sure your business is compliant and avoid the litigation that comes with a data breach, please contact solicitor Helen Harmel on 0161 838 7816 or email

Subscribe to our mailing list