Lloyd v Google – putting the brakes on English data breach litigation?

  • United States
  • 10/17/2018
  • Iberian Lawyer

A judgment handed down today by the English High Court will be welcomed by UK data controllers. Lloyd v Google [2018] EWHC 2599 represents a corollary to recent case law expanding the circumstances in which litigation may be brought in relation to breaches of data protection legislation.

Most notably, the case:

reinforces the need for “damage” to be proven by claimants before compensation can be obtained in these circumstances; and
makes clear that the courts will not permit representative claims to be brought on behalf of a potentially large population of claimants without close scrutiny of the basis of those claims.
Recent discussion in the UK relating to data breach-related litigation has largely been focussed on the increasing risk of large-scale litigation arising from data breaches. While that risk has undoubtedly grown in the past few months due to recent case law and the implementation of GDPR, Lloyd serves as an important reminder that not all claims brought in these circumstances will be viable.

Background facts: the Safari Workaround
Lloyd v Google concerns an application to serve proceedings out of the jurisdiction on Google, in respect of a claim for compensation arising from the “Safari Workaround”. The Safari Workaround was a well-known means by which Google allegedly obtained private information about internet usage through its use of cookies without individuals’ knowledge or consent, via the Safari web browser used on Apple iPhones. According to the plaintiffs, this information enabled Google to provide information to advertisers to help in targeting or tailoring of advertisements to internet users.

The Safari Workaround was essentially the subject-matter of Vidal-Hall v Google Inc [2015] EWCA Civ 311 [2016] QB 1003. This was a high-profile case which established that compensation could be awarded to individuals under English law if they suffered non-pecuniary loss such as distress arising from a breach of data protection legislation.

The nature of the claim in Lloyd v Google
The representative claimant sought compensation arising from alleged breaches of the data protection principles set out in the Data Protection Act 1998 (the “Act”), committed by the implementation and operation of the Safari Workaround. In bringing the claim, the claimant relied on s13 of the Act which provides data subjects with a means of obtaining compensation should they suffer damage as a result of a contravention of the Act by a data controller. Warby J accepted that there may well have been an actionable breach committed as a result of the Safari Workaround, which could form the basis of a claim for compensation under the Act.

Read the full article here: https://www.dataprotectionreport.com/2018/10/lloyd-v-google-putting-the-brakes-on-english-data-breach-litigation/