Law firm RPC, representing techUK, says its client is ’uniquely placed’ to make a written intervention and highlight the consequences for the wider technology community
Trade association techUK yesterday made a written intervention in appeal of the Richard Lloyd v Google case, which is at the UK’s Supreme Court.
The case in question sees Richard Lloyd, consumer protection campaigner and former head of Which? in 2017, allege that Google had acted in breach of its duties as a data controller under section 4 of the Data Protection Act (1998).
The basis of the claim alleges that four million Apple iPhone users on the Safari browser unknowingly had their internet activity tracked for commercial purposes between 9 August 2011 and 15 February 2012.
In the written intervention, techUK said: “The appeal concerns two issues of public importance that have profound implications for the UK technology sector. The first is whether monetary compensation is available in respect of a breach of data protection legislation, even where no damage or distress has been suffered.
“The second relates to the bringing of representative ‘opt-out’ actions in respect of claims for a breach of data protection legislation.”
It explained that the appeal has the potential to create a new legal precedent by permitting representative action claims for breaches of data protection legislation to be brought against technology companies, public sector bodies and others, on an ‘opt-out’ rather than an ‘opt-in’ basis - this means that those within the representative class do not have to prove they suffered any damage or distress.
International law firm RPC supports its client techUK in this approach.
The appeal will be heard in the Supreme Court on 28 and 29 April.
Speculative and vexatious claims
The statement continued: “TechUK is concerned that this may open the door to speculative and vexatious claims made against data controllers by individuals claiming to represent groups of people without their knowledge.
“TechUK does not oppose representative action claims, permitted under the current law. What we do oppose is creating an opportunity for claims being made on behalf of members of the public without their knowledge or consent and without those members of the public having suffered any damage or distress,” it added.
RPC’s technology team, led by David Cran and Alex Vakil, have instructed Catrin Evans QC and Ian Helme from Matrix Chambers.
Speaking about RPC’s support for techUK, Cran, partner at RPC, said: “Our support for techUK falls right into our sweet spot, not least as RPC’s technology team brings together a unique mix of significant digital, data and tech industry knowledge, led by individuals who have become ’go-to’ advisors for many of the world’s leading tech companies.
“TechUK’s written intervention points out the far-reaching consequences arising out of the Court of Appeal’s judgment that are of significant concern to those in the technology sector who control and process significant quantities of personal data in the furtherance of economic and social developments.
“TechUK represents many of the most important players in the digital technology space and champions a technology-led growth to a globally competitive, innovative and sustainable UK economy.
”As such, it is uniquely placed to make written submissions in this appeal to highlight the consequences of the Court of Appeal’s judgment to the wider technology community.”
More legal risk
Meanwhile, techUK argued in its written intervention that if “both issues [identified] are upheld, the UK would have adopted a different approach to claims for compensation [in comparison] with other European Union (EU) jurisdictions”.
Therefore, such divergence in approach “would create more legal risk for data controllers and data processors in the UK” than in the EU.
TechUK continued: “We believe the current law provides individuals with the appropriate tools to allow data subjects to obtain appropriate redress following data breaches. Claims for compensation arising from such breaches are routinely settled in accordance with the current legal and regulatory framework (Data Protection Act 2018).”