The Data Brief

A monthly data protection bulletin from the barristers at 5 Essex Chambers

No claim where there’s only blame – Lloyd v Google in the Supreme Court

18 November 2021

The Supreme Court’s unanimous decision in Lloyd v Google [2021] UKSC 50 to allow Google’s appeal is hugely significant for data protection on various levels. There are real issues around how any representative action based on data protection breaches could now be constituted – something which seriously limits the prospect of legal challenges based on underlying business models, as opposed to individual breaches of data protection law. We will return to that in a future Data Brief. For now, we want to focus on the other significant findings – that damages for breach of the Data Protection Act 1998 are not available for loss of control alone, but only for material damage and for distress.

The Supreme Court affirmed that loss of control can be a head of damage in misuse of private information (“MPI”) claims. But as regular Data Brief readers will know, the scope for MPI claims in data breaches by third parties is limited, so that will not always come to the rescue of data subjects. Combined with a robust approach to the de minimis principle on distress (as set out in Rolfe, discussed below), the fact that damages do not lie for the fact of a breach alone is likely seriously to limit the viability and value of individual claims by data subjects where there has been a breach, but no real consequences beyond mild concern or pique.

Lord Leggatt (giving the only judgment) made clear that he was not considering the position under GDPR/the Data Protection Act 2018. But it seems likely that the same principles will apply, given the wording of Art 82 (UK) GDPR and s.168 Data Protection Act 2018.

Further reading

Lloyd v Google

The Data Brief

A monthly data protection bulletin from the barristers at 5 Essex Chambers

The Data Brief is edited by Francesca Whitelaw KC, Aaron Moss and John Goss, barristers at 5 Essex Chambers, with contributions from the whole information law, data protection and AI Team.

Visit the Information Law, Data Protection and AI area

Search The Data Brief

Portfolio Builder

Select the practice areas that you would like to download or add to the portfolio

Download    Add to portfolio   
Title Type CV Email

Remove All


Click here to share this shortlist.
(It will expire after 30 days.)