• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
  • Bedfordshire
  • Milton Keynes
  • Northamptonshire
  • Awards
  • Knowledge Hub
  • Contact Us
  • About Us
    • Sustainability
    • The Podcast
    • ATB TV
All Things Business

All Things Business

First For Local UK Business News

  • Education
  • Professional Services
    • Legal
    • Finance
    • Recruitment & HR
    • Creative Marketing
  • Property
  • Environment
    • Wellbeing
  • Industry
    • Industry
    • Manufacturing
    • Motors
    • Logistics
    • Technology
  • Events
    • Events
    • Food & Drink
    • Sport
  • News

Cookies and compensation – claims under data protection legislation

News, Technology | December 1, 2021

Sadly, this is not an article about pay outs resulting from inadequate biscuits, although we had many volunteers to take part in a taste testing pilot scheme. It is rather about the potential for claims under data protection legislation for compensation for breaches. 

We are seeing a growing trend in alleged breaches related to automated data collection technologies, such as cookies, giving rise to claim letters from website visitors. 

Two trends in particular are great concern to businesses. The first is the emergence of enterprising claims farmers: individuals who invest their time identifying websites that are not compliant with the law on cookies and firing off a standard claims letter, citing ‘distress’ and requesting damages. The second is the ‘no-win-no-fee’ offering of law firms (who will usually also provide after-the-event insurance costs against adverse costs – thereby giving claimants a ‘free hit’) to launch data claims, often over spurious or trivial technical breaches. They advertise online using advanced SEO techniques to attract hundreds of clients searching for phrases like ‘data breach compensation’. The new ambulance chasing for the digital world, perhaps?

In brief, Article 82(1) of the retained UK law version of the General Data Protection Regulations (UKGDPR) specifies that compensation can be payable for a breach of the UKGDPR. Article 82(1) states: ‘Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered’.

Under the Data Protection Act 2018, non-material damage includes distress. In terms of historic claims (arising prior to UKGDPR), the wording of Article 82 of UKGDPR is reasonably similar to section 13 of the Data Protection Act 1998. Therefore, whilst decisions related to the 1998 Act are not binding in respect of UKGDPR and/or the 2018 Act, they are likely to be considered a good indication of future decisions and interpretation of the newer legislation. 

So what does this have to do with cookies? Cookies are commonplace and are used on the majority of websites. They serve a variety of purposes but typically collect and store data about the website users’ actions, usage and/or preferences. Use of cookies is predominantly governed by The Privacy and Electronic Communications (EC Directive) Regulations 2003. This, broadly speaking, requires user consent for cookies to be set by a website. Cookies often collect personal data and therefore their use, and the collection/processing of any personal data they collect, is also subject to UKGDPR and the 2018 Act. Therefore, the compensation provision in UKGDPR can apply to breaches regarding cookies. Data processors and controllers should also have in mind their other obligations under UKGDPR and the 2018 Act as failure to comply with these could also lead to a claim for compensation.

The question is, and has been for a long time, what is necessary beyond a ‘breach’ for a compensation claim to succeed. This key point arises from the basic principle that under UK law, compensation (or damages) for this sort of breach are intended to put the injured party in a position as if there had been no breach. In terms of data protection breaches, that is a hard assessment to make as it is unlikely there will be a defined financial loss in most cases. 

In Lloyd v Google LLC [2021] UKSC 50, the Supreme Court recently gave guidance on claims for compensation under the 1998 Act. The case was predominately about the potential for mass representative claims for data protection breaches, but as part of its ruling the Supreme Court addressed some points on compensation claims. 

The Supreme Court determined that not every affected individual can claim for loss of control of their data without some identifiable material damage, or the individual having suffered distress. Whilst this case relates to the 1998 Act, we consider it a good indication of how such issues may be viewed under the newer legislation.

So, in instances of a trivial, or potentially even non-trivial breaches, it is important to ask potential claimants for details of the precise damage they claim they have suffered. As to claims for distress, this will take a more individualised approach, but it is still key to keep in mind the nature of the breach and data involved.  

Whilst in an ideal world your business will have a perfect compliance record and not commit any breaches of data protection legislation, compliance is an ongoing obligation and the way in which businesses operate naturally changes over time. The key is to keep your business practices, policies and procedures under regular review with data protection in mind, and to keep a record of the steps taken achieve compliance. If your business has the misfortune of receiving a letter setting out an alleged claim for compensation, consider carefully whether there has been a breach and, if so, the nature and extent of that breach and what harm it could have caused the individual.

For further information, or if you wish to discuss the issues surrounding cookies, 

data protection and potential compensation claims, contact James Howarth on 01908 872207,

email James.Howarth@howespercival.com or Stephen Ruse on 01604 258064 

or email Stephen.Ruse@howespercival.com

 

James Howarth

Howes Percival

 

Northamptonshire

Related stories

  • Northamptonshire
    May 26, 2022

    Planning application for saints’ new high performance centre approved

    Northampton Saints are delighted to confirm that West Northamptonshire Council Planning Authority have approved the Club’s application for the construction of a…
  • East Hunsbury Primary School Northamptonshire
    May 26, 2022

    New Headteacher for East Hunsbury Primary School as tributes are paid to retiring Head after 21 years’ service

    “Be kind, work hard, believe” – that is the message to children at East Hunsbury Primary School from new Headteacher Kathryn Pennington,…
  • Windfall tax on energy companies: Chancellor and business secretary need to stand their ground against the windfall tax siren calls – MHA comments Northamptonshire
    May 23, 2022

    Windfall tax on energy companies: Chancellor and business secretary need to stand their ground against the windfall tax siren calls – MHA comments

    Following the growing calls to impose a windfall tax on the profits of energy companies, to address the cost of living crisis,…

Primary Sidebar

Stay up to date on All Things Business

Subscribe to our monthly newsletter to receive the latest business news.

Online Edition

Northamptonshire edition, click here
Milton Keynes edition, click here
Bedfordshire edition, click here

Most Read

  • East Hunsbury Primary School New Headteacher for East Hunsbury Primary School as tributes are paid to retiring Head after 21 years’ service
  • Howes Percival A trio of new partners in East Mids among five senior promotions
  • centre:mk Centre:mk welcomes brand new Ted Baker store to Milton Keynes
  • Windfall tax on energy companies: Chancellor and business secretary need to stand their ground against the windfall tax siren calls – MHA comments Windfall tax on energy companies: Chancellor and business secretary need to stand their ground against the windfall tax siren calls – MHA comments
  • Workplace Wellbeing Why It's So Important Workplace Wellbeing: Why it’s so important

Footer

REGIONS

Northamptonshire
Milton Keynes
Bedfordshire
 

COMPANY

About Us
Contact
Awards
Podcast
Knowledge Hub
Sustainability
Request A Copy

Northamptonshire Office

1 Queensbridge, Northampton
NN4 7BF
Tel: 01604 267677

Milton Keynes and Bedfordshire Office

The Pinnacle, 170 Midsummer Boulevard, Milton Keynes,
MK9 1BP
Tel: 01908 030688

London Office

25 Bedford Square
London
WC1B 3HH
Tel: 0208 1760176

Follow us on

  • Facebook
  • Instagram
  • LinkedIn
  • Twitter

All Things Business is a publication produced by All Things Management Ltd. Registered in England No. 9590677


Privacy Policy