Every day’s a school day

18 November 2021

Rolfe v Veale Wasbrough Vizards [2021] EWHC 2809 (QB)

The Claimants sought damages for misuse of confidential information, breach of confidence, negligence and damages under s169 of the Data Protection Act 2018 after the Defendant law firm sent a letter meant for them to a wrong email address. The letter concerned a demand for payment for outstanding school fees, the Defendant being instructed by the school. The Claimants were two parents and their child.

The letter, sent by email, contained the Claimants’ names, their home address, the amount of school fees owed, the name of the Educational Trust to which it was owed, and a list of payments which had been made in the previous five years.

The recipient of the email promptly alerted the Defendant that they had received the letter in error. The Defendant asked the recipient to delete the email. There was no evidence that they had done anything but follow this instruction.

The Defendant said that any damage and/or distress caused was so los as not to satisfy the de minimis threshold. Master McCloud agreed and gave summary judgment. Moreover, the Court ordered that the Defendant’s costs be paid on the indemnity basis.

The Master held that there was no credible case that distress or damage over the de minimis threshold would be proved, so as to resist the summary judgment application, saying “in the modern world it is not appropriate for a party to claim, (especially in the High Court) for breaches of this sort which are, frankly, trivial.” Importantly, this judgment provides a clear authority for the principle that non-material damage such as distress includes an objective element: it is not only the distress caused that should be considered, but the distress a person of reasonable fortitude would have experienced. There is no room for eggshell skulls in data protection, it seems.

Claimants and defendants alike should read this judgment with July’s decision of Saini J in Warren v DSG Retail Limited. In that case, the Court transferred a low value claim from the High Court to the County Court, having struck out and/or dismissed the majority of the claims, there being no positive act on the part of the defendant and no duty of care. It has been a good few months for data controllers.

Further reading

Rolfe v Veale Wasbrough Vizards

Warren v DSG Retail Ltd

Authors

Aaron Moss

Call 2013

John Goss

Call 2015

The Data Brief

A monthly data protection bulletin from the barristers at 5 Essex Chambers

The Data Brief is edited by Francesca Whitelaw KC, Aaron Moss and John Goss, barristers at 5 Essex Chambers, with contributions from the whole information law, data protection and AI Team.

Visit the Information Law, Data Protection and AI area

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
pum-2210	1 month	This cookie is set to hide the move of address notification
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
CONSENT	2 years	YouTube sets this cookie via embedded YouTube videos and registers anonymous statistical data.

Cookie	Duration	Description
VISITOR_INFO1_LIVE	5 months 27 days	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
YSC	session	Youtube sets this cookie to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt.innertube::nextId	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
pum-2210	1 month	Description is currently not available.
VISITOR_PRIVACY_METADATA	5 months 27 days	Description is currently not available.

Every day’s a school day

Authors

Aaron Moss

John Goss

Other articles in this edition

The Data Brief

Search The Data Brief

Search