While class-actions are not (yet) a recognised key feature of the English legal system, as they are in the US or Australia, pressure is growing in the UK to allow collective or group litigation which appears to favour consumers rights or help promote access to justice.
These recent decisions support this growing trend.
Richard Lloyd v Google LLC
A representative action brought on behalf of a class of more than 4 million I-Phone users against Google, which seeks damages for Google's alleged use of "cookies" to track internet browser-generated information without consent, has been granted permission to proceed.
The Court of Appeal unanimously overturned the High Court decision and held that damages may be awarded for loss of control of data under the Data Protection Act, without the need to show pecuniary loss or distress. A person's control over their browser-generated information had a value, so that the loss of that control also had a value. The Court noted, however, that there is a de minimis threshold which will apply if the infringement is deemed "trivial" such as a one-off data breach that was quickly remedied.
The Court of Appeal held the members of the represented class had the same interest and were identifiable – they were all victims of the alleged same wrong and had all sustained the same loss of control over their data.
While claimants may recover no more than low-level compensation on an individual basis, the total claim value could reach £3 billion when aggregated. Legal fees will also be significant, which is likely to encourage more and more Claimant law firms to take on the fight and find next suitable case.
British Airways Data Breach Group Action
On 4 October 2019, half a million British Airways customers were granted permission by the High Court to bring claims against the airline following a cyberattack on its systems in 2018. The group litigation order gives customers that made bookings between 21 August 2018 and 5 September 2018 the right to join the group action. The group will remain open for the next 15 months.
The Information Commissioner Office's investigation was seen as a test case since it was one of the first breaches to follow the introduction of the GDPR in May 2018. The ICO concluded that BA's poor IT security enabled personal details, including payment data and addresses, to be leaked during a data hack that diverted customers to a fake website. The ICO has fined BA £183.4m in connection with the breach (1.5% of BA's annual global turnover).
Merricks v Mastercard Incorporated
This is the largest "opt-out" litigation in English legal history. Walter Merricks, representing the class, alleges that over a 16 year period, 46 million people paid anti-competitive fees when making purchases on their MasterCard and they should be awarded a share of £14 billion.
In May, we published "Class Actions in the English Courts - Update" and reported that the Court of Appeal had reversed the Competition Appeal Tribunal's refusal to grant a Collective Proceedings Order (CPO) in the MasterCard litigation. The Court of Appeal concluded that the CAT had demanded too much of the proposed representative (in terms of evidence and how an aggregate award would be distributed) at the certification stage. It ordered that the claim be remitted back to the CAT for a re-hearing with the correct approach applied.
Since then, MasterCard has sought the Supreme Court's permission to appeal the Court of Appeal decision and this was granted on 4 October 2019. The Supreme Court will now determine the legal test for certification of claims as eligible for inclusion in collective proceedings and the correct approach to questions relating to the distribution of aggregate awards at the stage where a party is applying for a CPO.
These cases suggest there is a growing shift in public, political and judicial opinion towards accepting class-action style litigation where consumers have had their rights infringed by corporations. It is perhaps too early to say who the winners will be. Will it be the affected consumers who may recover a relatively low level of compensation for their loss or will it be the Claimant law firms licking their lips as they prowl for the next corporate scandal or data breach? Corporations and their insurers will be hit the hardest financially, but perhaps there is a good news message buried in all this – jaw-dropping fines and substantial pay-outs to consumers highlight the importance of good corporate governance and the need for solid internal procedures.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.