On the 28 and 29 April 2021, the Supreme Court will be hearing the appeal by Google LLC against the order of the Court of Appeal in the case of Lloyd v Google LLC ([2019] EWCA Civ 1599) granting Mr. Lloyd, the representative claimant permission to serve a representative claim out of the jurisdiction in the USA.

The action is brought on behalf of an estimated 4.4 million iPhone users against Google’s alleged unlawful gathering and exploitation of browser generated information (“BGI”) on Apple’s Safari browser, in breach of section 4(4) of the UK Data Protection Act 1998. Interpretation of the 1998 Act is nonetheless likely to be relevant to the current legislative regime, i.e. the GDPR and the Data Protection Act 2018.

This is a much awaited decision which may pave the way for new “opt-out” representative actions for data breach claims on the basis that all the claimants have lost control of their data.  

The Supreme Court will decide whether the Court of Appeal was correct to decide that:

• a non-trivial infringement of the DPA which does not cause any material damage or distress can result in “uniform per capita” damages being awarded for “loss of control” of personal data ; and
• it is not necessary for the members of a class to be identified in order to demonstrate the “same interest” when pursuing a representative class action under CPR 19.6(1)

The AG team of experts in contentious and non-contentious data protection and privacy matters will be sharing their analysis of the impact of the Supreme Court judgment when it is handed down, together with guidance on any practical implications for UK businesses which suffer a mass data breach.