Daniel Ajuh

Introduction

The Online Safety Act (“OSA”) aims to make the internet a safer place, protecting adults and children from illegal and harmful content by making online service providers such as social media companies more accountable for content published on their sites[1]. Despite the positive intentions, the OSA may have unintended consequences. In particular, service providers will face the difficult task of balancing the duty to protect users from illegal and harmful content against the duty to protect freedom of expression.

The OSA became law on 26 October 2023.Continue Reading The Online Safety Act: Does this present a difficult balancing act for online service providers?

It is well known that, under the UK GDPR and Data Protection Act 2018 (“DPA 2018”), data subjects can enforce their data protection rights against data controllers directly in the courts and seek compensation for breaches of those rights.
Continue Reading Orders to Progress Complaints – No Backdoor Appeal Process For ICO Decisions

Over the last couple of years, the High Court has been sceptical of low-value compensation claims for minor data breaches (see our previous articles here and here). Such scepticism is illustrated by the High Court:

  1. criticising the “kitchen sink” approach adopted by claimants who bring overly complex claims with multiple causes of action and narrowing the scope of claims by dismissing misuse of private information and breach of confidence claims as in Warren v DSG Retail Ltd [2021] EWHC 2168 (QB), Johnson v Eastlight Community Homes Ltd [2021] EWHC 3069 (QB) and William Stadler v Currys Group Limited [2022] EWHC 160 (QB);
  2. transferring straightforward, low-value data breach claims to the County Court as the most appropriate court to hear the claim as in Warren v DSG Retail Ltd, Johnson v Eastlight Community Homes Ltd, Ashley v Amplifon Limited [2021] EWHC 2921 and William Stadler v Currys Group Limited; and
  3. condemning data breach claims for damages when there is little to no harm or the harm claimed has no prospect of meeting the de minimis threshold for receiving damages as in Rolfe v Veale Wasbrough Vizards LLP [2021] EWHC 2809 (QB).

A recently published case in England and the Opinion of EU Advocate General, Campos Sanchez-Bordona, on UI v Österreichische Post AG in October 2022 have given further support to the approach of the High Court, although the traffic has not been all one way as the High Court decision in Driver v Crown Prosecution Service [2022] EWCH 2500 (KB) departed slightly from this emerging line of judicial thinking.

We take a closer look at these three cases below and provide you with some key takeaways.Continue Reading English Courts’ Stance on Low-Value Data Breach Claims Continues to Harden, But There May be Hiccups Along the Way