The authors discuss how the right to compensation under the GDPR and DPA 2018 has introduced a significant risk of damages actions following allegations of unauthorised use of personal data.
Businesses store and process vast amounts of personal data. When management of that data allegedly goes wrong, litigation can follow. Recently, a number of significant collective actions related to data have surfaced in the UK, including those involving Google, YouTube, Marriott, Morrisons Supermarkets, British Airways and EasyJet.
Authors Louise Freeman of Covington & Burling, Kate Scott of Clifford Chance, and Samid Hussain of Cornerstone Research discuss how the right to compensation under the EU’s General Data Protection Regulation (GDPR) and the UK Data Protection Act of 2018 (DPA 2018) has, by design, introduced a significant risk of damages actions following allegations of unauthorised use of, or access to, personal data.
This article discusses some of the key legal and economic issues that arise in matters involving the unauthorised use of personal data in the UK. The emerging but nascent stage of such litigation in the UK means that experience from other jurisdictions and practice areas can provide significant insight into the likely challenges and opportunities when responding to such damages actions.
This article was originally published by The Expert Witness Journal in November 2020.
The views expressed herein do not necessarily represent the views of Cornerstone Research.