The High Court has issued new guidance on data protection claims brought in the High Court following the case of Stadler v Currys.
Facts of the case
The claimant had purchased a smart TV from Curry’s in 2017 and when the TV went in for repair, Currys advised it would be disproportionately costly to repair the TV and offered a voucher in exchange for the TV. The claimant was not asked to remove any personal data from the TV nor was he advised to log out of any existing apps. Currys eventually sold the TV onto a third party without performing a factory reset or any other data wipe activity. The claimant was surprised to find that in 2020 a movie had been purchased using his Amazon account through the smart TV which was evidently still logged into his apps.
The High Court
Following these events, the claimant brought a claim in the High Court for damages of up to £5,000 for (1) misuse of private information (“MOPI”); (2) breach of confidence (“BOC”); (3) negligence; and (5) breach of data protection law, in particular pursuant to Article 82 UK-GDPR and sections 168 and 169 of the Data Protection Act 2018. Currys succeeded in striking out the MOPI and BOC claims as there was no positive act by Currys which amounted to a breach or misuse of data. They also defeated the Negligence claim as the claimant was fully compensated by Currys at the time of the event. Currys’ attempt to strike out the data protection claim, however, did not succeed with the High Court rejecting arguments that the breach was too trivial having considered the nature of the information disclosed and the fact that it has been used by a third party. Although the court held that the data protection claim should proceed, it was made abundantly clear that low value data protection claims should be brought in the County Court. The judge reminded the parties of CPR PD7A 2.4 which allows a case to be brought in the High Court only if by reason of:
(1) the financial value of the claim and the amount in dispute, and/or
(2) the complexity of the facts, legal issues, remedies or procedures involved, and/or
(3) the importance of the outcome of the claim to the public in general,
the claimant believes that the claim ought to be dealt with by a High Court judge.
The Judge held that this case did not satisfy any of the above criteria for the case to be heard in the High Court. He placed emphasis on the fact that the value of the claim was astonishingly low and centred itself on an isolated breach, both characteristics of a case suitable for the County Court. Despite Currys’ lawyers advising the claimant’s lawyers to pursue the matter in the County Court, meeting the overriding objective of conducting litigation proportionately, the claimant’s lawyers did not proceed on this basis.
For lawyers this is a clear reminder that the court will have little tolerance for low value data claims being brought in the High Court. Instead in most cases they will need to proceed in the County Court where they are likely to be allocated to the small claims track with limited ability to recover costs.
For tech companies in the data protection firing line, this may seem like yet another win but the moral of this story is not a tricky one: wipe all second hand electronic devices, such as phones and TV’s prior to selling them on to any third party.
Consistent with our policy when giving comment and advice on a non-specific basis, we cannot assume legal responsibility for the accuracy of any particular statement. In the case of specific problems we recommend that professional advice be sought.