Following the Lloyd v Google LLC judgement and the government's announcement that it would allow the representative action provisions under Article 80, options to bring representative actions on behalf of data subjects following a data breach have been thin on the ground. Other claimants have tried to bring privacy lawsuits, but these have been discontinued.
A well-established alternative is a Group Litigation Order (GLO), although there is the question of cost-effectiveness. Particularly where liability is contested.
This was the issue in Bennett & others v Equifax Ltd. In 2017, the Information Commissioner's Office (ICO) issued Equifax a £500,000 monetary penalty for a significant data security breach under the Data Protection Act 1998 (DPA 98). The ICO estimated the breach had affected 700,000 UK data subjects. By the time of the hearing, around 1,000 claimants had issued claims against Equifax. The Claimants sought a GLO, which the Defendant opposed arguing preliminary issues on causation and loss should be determined. 11KBW Panopticon Blog has the details.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 2,500 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.