Consumers are able to claim compensation from data controllers when they have contravened the requirements of the Data Protection Act (DPA) and that contravention has caused them damage. Where consumers can show that they have suffered distress from that breach and that damage has also been suffered, compensation may also be awarded in relation to that distress.
However, following a recent Court of Appeal decision, courts are unlikely to award compensation for distress generally unless it was caused directly by a breach of the Act. Furthermore, for distress to constitute a basis for compensation there must have been actual damage related to that distress.
Halliday v Creation Consumer Finance [2013]
In Halliday v Creation Consumer Finance, the claimant was awarded nominal damages for harm to his reputation and distress when a finance company passed incorrect information about an alleged unpaid debt to a credit reference agency.
The District Judge declined to consider the claim for damages for distress on the basis that no sufficient damages could be shown to have been caused by the distress. It was apparent that there was no damage to the claimant’s reputation or credit following the incident.
On appeal, nominal damages were awarded in the sum of £1 with an additional £750 being awarded by way of compensation. The court explained that the damages to reputation and credit suffered were nominal while damages for distress were modest as there was no fraudulent or malicious intent on the part of the defendant. Furthermore, the remedy under the Act is meant to compensate loss so the sum of £750 was appropriate for the level of distress suffered.
Implications of the Halliday Judgement
Following this judgement, it is clear that there are a number of limitations on the likely levels of compensation for distress caused by breaches of the DPA. Most importantly, the distress suffered must arise as a result of a breach of the Act. In assessing the damages to be awarded, the circumstances of the case will then be considered and the quantum of damages will be based on actual damage caused.
Consumers who have suffered breaches to their data protection rights and seek damages from the court must therefore, ensure that these limitations are considered.
Businesses that unintentionally breach the DPA can be comforted that claims are likely to be limited to actual losses flowing from the distress rather than the distress itself. Of course, if evidence of actual loss can be produced by claimants, this is likely to be considered in the assessment of damages.
If you need advice regarding compliance with the Data Protection Act or a claim relating to the Data Protection Act, Rollingsons has experienced lawyers who can assist you. For more information please contact us on 0207 611 4848.
No comments:
Post a Comment