Home / News & Resources / News & Updates / Huge step forward for privacy rights after ground-breaking data protection ruling

Huge step forward for privacy rights after ground-breaking data protection ruling

  • Posted on

A data protection case against Google has resulted in a huge win for individuals and their data privacy rights.

The legal action[1], which relates to events that took place nearly a decade ago, will make it much easier for people to make a data breach claim.

What happened in this case?

Between 2011 and 2012, Google used cookies on Apple's Safari web browser to collect data about its users. This included information on health, race, ethnicity, sexuality and finance. It is alleged that this happened even if someone changed their setting to "do not track".

In response, a group action was launched to help people challenge the big technology company over this data privacy violation. But, in October 2018, the case was thrown out.

One reason behind this decision was that it was deemed too difficult to calculate how many people had been affected and in what way. This is because, to make a data breach compensation claim, each individual had to show that they had suffered. This could include experiencing either emotional distress or financial loss as a result of a breach.

However, this case was taken to appeal. And, in a "ground-breaking" ruling, the Court has shown that big business is not above the law.

What happened in the appeal?

The Court of Appeal decided that all data breach claims are valid. Even if someone hasn't suffered financial or emotional damage as a result. Simply losing control of the personal information is sufficient grounds to make a claim.

What's more, the appeal also found that people are entitled to compensation even if the only personal information breached was their email address.

What does this mean for victims of a data breach?

This is good news when it comes to the protection of our privacy rights. It means that organisations are much more likely to take their data responsibilities seriously. And, where a breach does occur, it is now much easier to hold corporate giants to account.

What's more, a group action can now be launched based on the total number of those affected. Not just the individuals who have proactively decided to pursue compensation. This will make the group action claim process much quicker.

Businesses will have to do more or risk legal action and hefty costs

Speaking about the case, our managing director Kingsley Hayes said:

"This is a very significant development which recognises that personal information has a value and when that private data is compromised, the individual has a right to compensation whether or not they have suffered actual, or potential, financial loss or psychological injury.

"The ruling rightly adds further weight and consequence to any breach of personal data, even if a breach only involves an individual's email address. This is likely to open the floodgates as consumers become increasingly proactive about protecting their privacy rights and seeking legal redress.

"Businesses who are not already taking their data protection obligations seriously will have to step up their data protection practices or face legal action and hefty costs.

"The development is fair and right providing robust clarity that the law sits firmly behind the rights of individuals to have full control of all their personal information and how, when and where this is stored, processed or shared."

How do you make a data breach claim?

If you have experienced a breach of any part of the Data Protection Act, you have a right to claim compensation.

And, keeping things simple, as far as individuals are concerned, the process of making a data breach claim remains largely the same. So, if you are worried that your information has been lost or misused, we can help.

At Hayes Connor Solicitors, we know what it takes to make a successful compensation claim. In fact, we've been helping people to do just that for over 50 years. We also steer you through the aftermath of a data breach - minimising the impact on you as much as possible.

In most cases, data breaches happen because of a failure to implement reasonable and robust processes. So claiming compensation isn't just in your best interests. The only way organisations will be persuaded to take their responsibilities seriously and make the necessary improvements is by hurting their bottom line.

Find out more about making a data breach compensation claim.

[1] Lloyd v Google