Johnson v Eastlight Community Homes Ltd  EWHC 3069 (QB)
One is starting to sense a degree of frustration emanating from the Bear Garden at the number and quality of data protection claims which the Masters are having to deal with. Hot on the heels of Rolfe (Data Brief 7), in which a claim was struck out for de minimis, this claim barely survived the same fate, and was transferred to the County Court for resolution on the small claims track. It also resolved some frequently encountered points of practice and procedure.
The facts were, again, that an email was sent to the wrong recipient with an attachment running to almost seven thousand pages. The Claimant’s personal details, relating to rent payments, were on three of those pages, buried in the middle. She brought a claim for misuse of private information, breach of confidence, negligence, breach of the Human Rights Act 1998 and breach of GDPR. She sought damages of £3,000 and an injunction. Her costs budget was for in excess of £50,000.
The breach was admitted, but the Defendant said that the claim was de minimis, and that in any event it should be struck out under the Jameel principle that the ‘game is not worth the candle’.
In the circumstances – which included no application by the Claimant for a private hearing or to prevent access to the court file – the Master held that the Claimant’s distress ‘seems more in the realms of the unknown or the hypothetical than in reality’. At the hearing, the claim in negligence was abandoned. The Master held that both the de minimis principle and the Jameel principle apply to claims under the GDPR, and that the claims in breach of confidence, misuse of private information and under the Human Rights Act 1998 added nothing to the GDPR claim. Being merely collateral, they were likely to ‘obstruct the just disposal of these proceedings and take up disproportionate and unreasonable court time and costs’. They were struck out under CPR 3.4(2)(b), a useful argument to note for the future.
The Master held that the GDPR claim was not one which should have been issued in the High Court, because it did not cross the value threshold in PD7A. Part 53 on media and communications claims does not alter that. This is an important point of practice that should mean most low-value data claims are excluded from the High Court.
He also held that the claim was one which ‘has all the hallmarks of a small claim track claim’. Again, this is a significant point of practice that should remove most low-value data claims from the principle that costs follow the event.
Ultimately, the Master was not, quite, persuaded that the GDPR claim was necessarily de minimis or should be struck out under the Jameel principle. The Claimant might establish at trial that she was entitled to ‘extremely low’ damages, at most, and that issue could be tried in the County Court on the small claims track.
What appears to have been a very poorly pleaded claim on somewhat opportunistic facts has led to a decision that radically undermines much of the industry that has sprung up around data claims (and indeed, the solicitors for the Claimant in this case, who also acted in Warren v DSG, have since gone into administration).
A monthly data protection bulletin from the barristers at 5 Essex Chambers