Yesterday, the UK’s Supreme Court rejected a claim that sought to gain billions in damages from Google LLC over alleged illegal tracking of over four million iPhone users between 2011 and 2012.
Further to the Lloyd v Google Supreme Court judgment, with the appeal being unanimously allowed, Cristina Crețu, Senior Privacy & Technology Consultant at MPR Partners, an international law firm, shares her thoughts.
“Today’s judgment in Lloyd versus Google LLC sets an interesting (and in our view correct) precedent regarding class actions for damages arising from infringements of the data protection rights. The most important takeaway in our view is that, in order for an action for damages to be successful, an interested party must prove that there is a contravention by a data controller of any of the requirements of the data protection legislation and that such contravention caused damages to that individual. Thus, for future reference, any similar action for damages should follow a two-stage procedure: (i) establishing whether the data controller was in breach of the data protection legislation and only afterwards (ii) claiming compensation.
“The second stage will require an opt-in mechanism to be observed, entailing on one side the need to obtain sufficient information from each individual to support their claim with regards to the loss suffered and to determine if the individual is eligible to be part of the group action and on the other side for the individual to opt in regarding such action. It is clear from today’s judgement that general damages cannot “be awarded on a uniform per capita basis to each member of the represented class without the need to prove any facts particular to that individual”, as Mr. Lloyd had requested. Whilst class actions suffered a setback today, if interested parties are willing to learn some lessons from this case, the future of actions related to compensation for data protection breaches in the UK does not have to be bleak.”