By Matthew Pascall, Senior Underwriting Manager.
Temple has been insuring media and communications litigation cases for many years and is the principal insurer in the ongoing phone hacking litigation. Recently, starting with Data Protection Act claims, we have been turning our minds to see what new issues might be litigated by our media law clients in the future.
The clear message we are getting is that data protection claims are likely to become a much more prominent feature of the media litigation landscape. Claims under the DPA are routinely allied to common law claims for misuse of private information, libel and breach of confidence but some see the potential for growth in stand-alone DPA claims.
But how does one value a DPA claim? What are the courts saying about damages?
Two cases may point the way.
In TLT & Others v Secretary of State for the Home Department [2018] EWCA Civ 2217 [2018] 4 WLR 101 the Home Office had accidently released the names and personal details of a number of individuals who had applied for asylum on a spreadsheet that could be accessed via the Home Office’s website. In the case of these particular appellants, the names of parents were shown on the spreadsheet but not the names of their children.
The Home Office argued on appeal that, with respect to the children, because their names had not been shown, there had been no misuse of their private information, and, for the same reason, there had been no breach of the DPA because the spreadsheet had not contained any personal data. The Court of Appeal was satisfied that the trial judge had been right to find that the personal data and their private information had been misused because one could readily identify the children because of the presence of their parents’ details on the spreadsheet.
The question of the quantum of damages did not arise on the appeal. Some useful guidance was provided by the trial judge, Mitting J, at paragraph 18 of the judgment – [2016] EWHC 2217, relying, in part, on the guidance given in Gulati v. MGN [2016] 1 WLR 1217: –
18. The best guidance to the approach to the assessment of damages is I believe to be found in the judgment of Lady Justice Arden in Gulati at para.48, with modest amendments:
“Damages in consequence of a breach of a person’s private rights are not the same as vindicatory damages to vindicate some constitutional right. In the present context, the damages are an award to compensate for the loss or diminution of a right to control formerly private information and for the distress that the [claimants] could justifiably have felt because their private information had been exploited, and are assessed by reference to that loss.”
The only significant modification required is the substitution of “disclosed” for “exploited”. There is no suggestion of exploitation by the Home Office of confidential and private information on the facts of these cases.
The parents were awarded £12,500 in damages each and their child was awarded £2,500.
In Lloyd v Google llc [2018] EWHC 2599 (QB) [2019] 1 WLR 1265 Mr Lloyd brought a claim against Google on his own behalf and as a representative of a class of millions seeking compensation under section 13 of the Data Protection Act 1998 on the basis of a breach of duty under section 4 of the 1998 Act which he said had caused damage within the meaning of section 13 to him and the class of which he was the representative.
Over a period of about 8 months, Google had tracked smartphone users’ when browsing activity by installing software on the users’ phones without their knowledge or consent. Google then sold the data obtained through this process to third parties, again without the users’ knowledge or consent.
The central issue before the Court was whether or not he and the class he represented had suffered damage as a result of the alleged breach of duty. Damage is the term used in section 13 but, in this case, the same word is used in Practice Direction 6b governing service out of the jurisdiction. If the claimant could not show he and the class had suffered damage, the claim would fall at the first hurdle because the claim could not be served.
Warby J concluded that the claimant and the class had not suffered damage. The following extract from his judgment (para. 74) may provide valuable when assessing whether a DPA breach has, in fact, caused damage to a potential claimant: –
“I do not believe that the authorities show that a person whose information has been acquired or used without consent invariably suffers compensatable harm, either by virtue of the wrong itself, or the interference with autonomy that it involves. Not everything that happens to a person without their prior consent causes significant or any distress. Not all such events are even objectionable, or unwelcome. Some people enjoy a surprise party. Not everybody objects to every non-consensual disclosure or use of private information about them. Lasting relationships can be formed on the basis of contact first made via a phone number disclosed by a mutual friend, without asking first. Some are quite happy to have their personal information collected online, and to receive advertising or marketing or other information as a result. Others are indifferent. Neither category suffers from “loss of control” in the same way as someone who objects to such use of their information, and neither in my judgment suffers any, or any material, diminution in the value of their right to control the use of their information. Both classes would have consented if asked. In short, the question of whether or not damage has been sustained by an individual as a result of the non-consensual use of personal data about them must depend on the facts of the case. The bare facts pleaded in this case, which are in no way individualised, do not in my judgment assert any case of harm to the value of any claimant’s right of autonomy that amounts to “damage” within the meaning of section 13 of the DPA.
In our view
People interact with those who control and process data every second of the day. It is a highly regulated area and individuals have a right to seek compensation where they have, as Warby J put it, suffered compensatable harm. The Google case helps to explain what type of loss could result in damages.
As this area of law grows and develops Temple will continue to offer litigation insurance and disbursement funding to support claimants bringing claims for the misuse of their private information and under the DPA. To find out about this please call our commercial team on 01483 577877 or email
You may also want to read about
Matthew Pascall
Legal Director – Head of Commercial
Matthew Pascall
Matthew was called to the Bar in 1984 and joined Guildford Chambers two years later. Spending more than 30 years in practice there, he was listed as a Legal 500 Tier One barrister.
He joined the commercial team at Temple Legal Protection as Senior Underwriting Manager in 2017.
Matthew was appointed to Temple’s Board in December 2022 as Legal Director and Head of Commercial.
His knowledge of the commercial legal sector and litigation practice is invaluable to the business and our clients, providing specialist experience to lead the commercial litigation insurance team.
Read articles by Matthew Pascall