Lloyd v Google: No Need to Prove Loss or Distress

The Court of Appeal have allowed the appeal of Lloyd v Google exciting many lawyers in the sector.

The decision has a major impact on class action cases but the Court also clarified the position with respect to claiming compensation for damages after a data breach has occurred.

A victim of a data protection breach had to prove that the breach had caused financial loss and / or distress. The Court of Appeal decision effectively changes this position and allows the victim to claim compensation for damages without the need to prove a financial loss or distress. This means that if an organisation breaches data protection laws, the loss of control of an individual’s data is itself enough for which compensation can be claimed.

The risk of exposure, for businesses who do not properly protect customers’ data, is now huge.

However, the story does not end here. Google have already stated their intent to appeal to the Supreme Court. Watch this space…

What is a Data Protection Breach?

Advice on identifying a Data Breach

Article 4 of the General Data Protection Regulation (GDPR) defines a data protection breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.” This definition is quite broad and therefore it is important that you can identify when a data breach has occurred no matter how minor the breach may seem. It is also important that you are aware of your rights.

Personal data breaches are:

  • access by an unauthorised third party
  • deliberate or accidental action or inaction by an organisation
  • sending personal data to an incorrect recipient, for example an email or letter
  • theft of personal data
  • alteration of personal data without permission

Here are some practical examples:

The theft of an organisation’s customer database, the data of which may be used to commit identity fraud. It is the organisation’s responsibility to keep your personal data safe and secure. If an organisation fails in this duty you have the right to make a claim for compensation. As result example of such a breach was the case involving British Airways in which the data of 500,000 customers was compromised.

A GP suffers a breach that results in an accidental disclosure of patient records. There is likely to be a significant impact on the affected patients because of the sensitivity of the data and their confidential medical details becoming known to others.

A school discloses the records of pupil which includes safeguarding measures to another pupil or parent. Again, this is likely to have a serious effect on the pupil in question and is likely to cause a great deal of distress and anxiety.

An organisation disclosing the name, address and contact number to a third party organisation without the permission from the individual in question. The third party organisation then use the personal data to make nuisance sales and marketing calls for an extended period of time.

A bank accidently sends an email containing the account details of a customer to the wrong recipient. This has the potential to cause serious financial problems for the customer given the risk of cybercrime and identity theft.

Data protection breaches can cause financial harm as well as distress and psychological harm in the form of anxiety, worry, embarrassment or feelings of violation.

Financial Harm

If your personal data has been breached you could find your self a victim of identity theft or cyber theft. Criminals could use your identity to open bank accounts or credit cards or they could use your personal data to steal from your bank account, credit cards or any other online payment method. It is important to keep yourself safe from online threats however if you have been a victim of identity or cyber theft, we can help.


Regardless of whether you have suffered any financial loss you can still make a claim if the data breach has caused you distress.
Data protection breaches can have a significant impact on the victim. If you have suffered from upset, anxiety, embarrassment or the breach has caused you physical injury or symptoms, please complete our claim form and we will help you claim for compensation.

If you have been the victim of a data protection breach you have the right to compensation. Get in touch via our website and our team will review your claim and start the compensation process.



Estate Agent fined £80,000 for Data Breach

A London estate agents has been fined £80,000 for leaving over 18,000 customers’ personal data exposed.

Life at Parliament View Limited exposed the personal data when they transferred data from an internal server to an associated organisation. The firm failed to ensure the proper privacy functions were in place and in doing so left personal data exposed for over two years. This allowed anyone going online access to all the data stored from March 2015 to February 2017.

The personal data exposed included passports, bank statements, identification documents, salary information, addresses and dates of birth.

In investigation by the Information Commissioner’s Office (ICO) found numerous security failings and found that the firm had not taken the appropriate steps to ensure the data was properly protected. To add insult to injury, the firm did not inform the ICO of the breach until hackers contacted the firm.

There has been a number of large organisations in the news recently who have been subject to millions of pounds worth of fines for serious breaches of data protection. However, it is not just the larger organisations who are obliged to keep our data secure. The smaller firms we deal with every day also have a duty to keep our personal data safe.

If you have been a victim of such breaches of data protection, please complete our online enquiry form and one of our team will contact you within 24 hours.

#dataprotection #keepsafe #bedataaware #mayergoldman