Data protection claim settles with majority of defendant’s costs recovered
Welwyn Hatfield Borough Council had a claim brought against it for inadvertently disclosing the claimant’s name, former address and former mobile and landline number on its online planning portal. The claimant had made an application for planning permission with the Council many years ago, and the information in question had, by error, not been redacted when records were moved online. The information was online for about eight months.
The Council acted swiftly, responding to the claimant on the same day he alerted the Council about the information being available online in unredacted form. The Council investigated the incident, deleted the relevant information, and apologised to the claimant.
In line with what has become a standard ‘template’, the claimant issued proceedings, pleading negligence, breach of the (then) GDPR, misuse of private information, breach of confidence and breach of Article 8 of the European Convention on Human Rights. He sought damages not exceeding £3,000 as well as a declaration, saying the data breach had caused him distress and anxiety.
The claim was issued in the High Court Media and Communications List in late 2020 despite the Council maintaining that this was a County Court small claims track matter. It was subsequently transferred following the Council’s application for transfer. In light of the judgment in Rolfe and others v Veale Wasbrough Vizards LLP [2021] EWHC 2809 (QB), the Council’s solicitor with conduct of this matter in late 2021 considered whether it would be sensible to apply to have the claim struck out and/or apply to amend the pleadings. An application was made to amend the defence to reflect the then very recent line of case law’s focus on de minimis threshold, and for the claim to be struck out.
Eventually, the claimant, who had put forward several Part 36 offers, conceded to the Council’s position, and agreed to settle the matter by consenting to the Council’s strike out application and by paying the majority of the Council’s costs.
Why is this outcome important? Local authorities and other entities have seen an increase in often inflated low value data protection breach claims, which can, in part because of the business model of solicitor firms operating in this area, become very costly very quickly. The outcome of this case is a helpful indication that certain types of data breach claims can and should be robustly defended. Those working in this area are pointed to the latest helpful relevant High Court decision: Stadler v Currys Group Ltd [2022] EWHC 160 (QB).
Dr Christina Lienen advised the Council on the merits of the claim, drafted the defence, assisted with the application for transfer to the County Court and advised on the strike out application and settlement. Christina was instructed by Rachael Simpson, Senior Litigation Lawyer at Welwyn Hatfield Borough Council.