Are mass claims for data privacy breaches the new norm?
Bigger claims and bigger damages; handling collective actions in a world of third-party funding and increased individual awareness. By Richard Jeens, Samantha Holland and Anna Broadley of Slaughter and May.
Since the GDPR came into force in 2018, organisations have faced sweeping changes to the European data privacy regime, with increased obligations when dealing with personal data coupled with the risk of large fines for getting it wrong. Regulators are increasingly flexing their muscles with their enhanced powers, notable examples including the French CNIL’s €50 million fine against Google and the UK ICO’s recent £20 million fine against British Airways. However, this is only part of the picture. Potentially, the most significant risk facing organisations is that of mass civil damages claims from large groups of aggrieved individuals for breaches of their data privacy rights.