In the recent decision of William Stadler v Currys Group Ltd [2022] EWHC 160 (QB), the High Court has confirmed that it is not the appropriate forum for low-value data protection claims. Further, the decision confirms the limited scope available to bring misuse of private information (“MPI”) and breach of confidence (“BoC”) claims as part of low-value data protection proceedings.
By way of recap, 2021 saw an unprecedented number of low-value data breach claims being issued in the High Court, Media and Communications list (“MACL”). In numerous decisions, the specialist Judges and Masters of the MACL expressed their criticisms of Claimants’ poorly pleaded Particulars of Claim which sought to overcomplicate a simple data protection claim (usually with quantum pleaded at £5,000 or less) to include MPI and BoC with a view to recover its ATE insurance premium if the claim were successful. The County Court has no jurisdiction over BoC claims so this is yet another reason why Claimants have persisted in issuing proceedings at the High Court.
Our previous article summarised our success in Johnson v Eastlight Community Homes Ltd, where the High Court confirmed that these types of low-value data protection claims ought to proceed in the Small Claims Track of the County Court where limited costs recoverability applies. This new High Court decision complements the run of positive decisions for Defendants towards the latter end of 2021 (see Warren v DSG Retail Limited, and Rolfe v Veale Wasbrough Vizards).
In Stadler, although HHJ Judge Lewis allowed the data protection claim to continue, the Judge transferred the case to the County Court, recommending that it would be appropriate for the Small Claims Track.
Background
This is a consumer dispute case about responsibility for the security of data stored on a smart television when it was returned to a retailer for repair. The smart television was later sold on without the Claimant’s data being wiped and someone purchased a film on the Claimant’s Amazon Prime for £3.49. The retailer later refunded the £3.49 and gave £200 vouchers in compensation to the Claimant.
The Claimant sought damages (including aggravated and exemplary damages) up to £5,000 for:
- Misuse of private information; Breach of confidence;
- Negligence; and
- Breach of Art. 82 GDPR and s.168-169 of the DPA 2018.
The Claimant also sought:
- An injunction to comply with UK GDPR/DPA; and
- A declaration that the Defendant breached Art. 5(1) UK GDPR.
The Defendant had made an application to strike out the claim on the basis that there were no reasonable grounds for bringing a claim given the compensation that had already been provided. Similarly, the Defendant argued that the claim for distress should be struck out as it was “not worth the candle”, or alternatively, the Claimant had no reasonable prospects of success such that summary judgment should be granted.
Judgment
The Privacy Claims
Misuse of private information / breach of confidence
The Judge stated that the Claimant had not pleaded his privacy claim adequately and did not set out the facts and matters relied upon. The Claimant also failed to identify the information said to be confidential. The Judge accepted the Defendant’s arguments that there could not have been any unauthorised use (or misuse) of the information by the Defendant because there was no actual knowledge of the information in question. In reaching this conclusion, the Judge affirmed the ruling of Mr Justice Saini in Warren v DSG Retail Limited.
Negligence
The Judge applied the ruling in Warren v DSG Retail Limited and struck out the claim for negligence as the Claimant had already been compensated by the Defendant. The Judge held that the Claimant had not suffered any recoverable loss from the incident for which a claim in negligence could be brought.
Aggravated and exemplary damages
Although these were no longer pursued, the Judge stated that these claims were wholly misconceived and without merit and so the Judge struck them out and/or granted summary judgment.
The Data Protection Claims
The Judge considered the Claimant’s data protection claim under Article 82 of the GDPR, s.168 and s.169 of the DPA 2018, which provide rights to compensation for breaches by data controllers. The Judge denied summary judgment on this aspect of the claim as more factual information was needed and, although there was a reasonable prospect of success on the data protection claim, this needed to be determined at trial.
The Judge recognised that if the Claimant’s pleaded case was correct, that the television stored sensitive data such as bank details, then it could not have been merely a trivial breach.
However, the Judge thought it would be disproportionate to allow such a low-value claim to be litigated in the High Court, considering the cost implications of it being litigated in this way. If it did, the Judge thought it “would not be worth the candle”. The Judge referred to pre-action correspondence between the parties and stated that there was no reason for the claim to have been issued in the High Court. Instead the Judge thought it more appropriate to be allocated to be allocated to the Small Claims Track.
The Judge applied CPR PD7A para 2.9A to confirm that there does “not appear to be any reason for this claim to have been issued in the High Court” and that although claims issued in the MACL may be “started in the County Court or High Court” this was not one of them due to its value. The Judge made similar comments to Master Thornett in Johnson, that the Claimant cannot over complicate their pleadings to attempt to add a level of sophistry where such causes of action are redundant and not adequately plead. In fact, the Judge noted that “the claimant has increased the complexity of the proceedings unnecessarily”. The Judge added that the County Court dealt with cases of an equivalent complexity every single day.
The Judge therefore transferred the matter to the County Court confirming that the appropriate allocation should be the Small Claims Track.
Outcome
The decision makes clear that Claimants ought not issue claims in the High Court under the pretence of complexity in order to increase costs. The Judge reminded the parties that litigation must be conducted proportionately and in accordance with the Overriding Objective. Organisations and Insurers facing similar low-value data protection claims will welcome the positive outcome in Stadler.