Site icon Bindmans

Data Protection claims: Conclusion - a fragmented future

Not so long ago, following the Court of Appeal’s judgment in the seminal case of Lloyd v Google LLC [2019] EWCA Civ 1599, commentators and media outlets predicted an era where organisations would be submerged in a rising tide of US-style ‘class-action’ data breach claims.

On the contrary, 2021 has given us three recent cases which have decisively reshaped the likely future landscape of these claims. They are:

  1. Darren Lee Warren v DSG Retail Limited [2021] EWHC 2168 (QB)
  2. Alan Rolfe & Ors v Veale Wasborough Vizards LLP [2021] EWHC 2809 (QB)
  3. Lloyd v Google LLC [2021] UKSC 50

Throughout our Data Protection claims series, we have discussed all three cases and their judgments. The overall effects of the judgments on the future landscape of data litigation are cumulative, and they are particularly instructive for ‘data breach’ claims which have involved a cyberattack.

In our view:

This is not by any means stopping the rising tide of data claims, which will become ever more prevalent in a digital future. However, the overall effect of these judgments is that in future, we would anticipate that claims arising from personal data breaches or other contraventions of data protection law would be limited to claims in respect of the more serious and egregious breaches, properly particularised and with a claim for damages set out to be assessed on an individualised basis.

Exit mobile version