U.K. Court of Appeal’s Award of Compensation for Distress to an Individual Following a Breach of the Data Protection Act: Opening the Floodgates for Claims by Individuals?
World Data Protection ReportAuthor: Steven P. Farmer
This article was published in World Data Protection Report, November 2013, published by
Bloomberg BNA (www.bna.com).
While regulatory action by the U.K. Information Commissioner’s Office ("ICO") is relatively
commonplace and well reported following data breaches, particularly since the ICO was
granted powers to issue on the spot fines for serious breaches by data controllers of up to
£500,000 back in 2010, private actions for data breaches could be described as occurring
"once in a blue moon".
Nevertheless, in what is a rare and groundbreaking case, the Court of Appeal recently
awarded compensation to an individual for distress following a breach of Section 13(2) of
the Data Protection Act 1998 ("Data Protection Act").
In Halliday v Creation Consumer Finance Limited (2013) EWCA Civ 333, a claim for
compensation for an individual’s distress under Section 13(2) Data Protection Act was
considered. Significantly, the Court of Appeal clarified that, when considering compensation
for distress under the Data Protection Act, it should be borne in mind that it is "not the
intention of the legislation to produce some kind of substantial award".
Whilst this case would appear to provide useful guidance as to what will unlock a claim for
distress under Section 13(2), it can be argued that this judgment represents the narrowest
of victories for potential claimants who believe that they have suffered distress, and,
further, that it is unlikely to encourage a swath of fresh civil claims being brought by
individuals alone unless such distress is above and beyond mere frustration.
No comments:
Post a Comment