Dr Patricia Jones is a data protection lawyer at law firm Pannone Corporate:
This case was brought by consumer rights activist Richard Lloyd alleging that Google had breached its data protection obligations under the Data Protection Act 1998 (DPA 1998) by using the browser generated information of more than four million Apple iPhone users.
Mr Lloyd had brought the case as a representative action on behalf of all the affected iPhone users arguing that they had the same interest. The Supreme Court disagreed. It considered that individual assessments of the entitlement to damages of each user would be required. The Court considered it necessary to establish what, if any, unlawful use Google had made of each user’s personal data and what damage had been suffered by the user as a result. The Court did not consider that damages can be awarded for a breach of the DPA 1998, where the individual doesn’t suffer any material loss or distress as Mr Lloyd had argued.
“Although the Supreme Court’s ruling in favour of Google was made under Data Protection Act 1998 which is no longer in force, it will make it more difficult for people to seek compensation for a data protection breach when they have suffered no material loss or distress. The decision will have implications for the bulk compensation claims that can typically follow a data breach affecting a large number of individuals and impact on the burgeoning data protection claims industry that has grown up. There are a number of data protection representative actions which were on hold pending the Supreme Court decision and it will be interesting to see what happens to them.
“Despite the judgement going in favour of the internet giant, it should act as a strong reminder to businesses – both large and small – about the importance of complying with the data protection legislation when collecting and using customer data. If businesses get it wrong, they could potentially face sanction from the Information Commissioner’s Office as well as compensation claims.