Data Protection Act non-pecuniary damages in the County Court

The Data Protection Act 1998 (DPA) is, as its regulator the Information Commissioner (IC) concedes, “complex and, in places, hard to understand”. Moreover, it has been observed that 

there is…little case law…most damages claims under the DPA go to the County Court, where unless you were in the case it is hard to know that it happened or get hold of a judgment

To which one would add that, as most damages claims go no further than the County Court those cases we do hear about don’t set precedent anyway.

However, thanks to the website LegalBeagles we do now have another judgment which deals with the DPA, and which was handed down in June this year in the County Court at Taunton. In the judgment (.pdf, 12MB), in rather dense prose, Deputy District Judge Stockdale ruled on a money claim against Lloyds Bank for unfair bank charges (the primary claim) and a claim for damages under section 13 of the DPA. Holding that the specific bank charges between 2007 and 2009, for unauthorised overdraft facilities, were indeed unfair (for reasons I am rather ill-equipped to explore), the Judge went on to hold that the referral of a default to credit reference agencies was in breach of the first data protection principle (Schedule One, DPA) which obliged the bank to process the claimant’s personal data fairly (and lawfully). This was because, by reference to the then IC Guidance “Filing of defaults with credit reference agencies”, the relationship between the lender and the individual had not broken down. The guidance said

The term ‘default’, when recorded on a credit reference file should be used to refer to a situation when the lender in a standard business relationship with the individual decides that the relationship has broken down

In this case, as the claimant and the bank, at the time the latter registered the default, had entered into a repayment arrangement (which the claimant was keeping to), it could not be said that the relationship had broken down.

An interesting point about this judgment is that the claimant’s case was bolstered by the fact he could point to a prior assessment opinion by the IC. He had complained about the bank’s actions to the IC, who had determined (in line – although this is unsaid in the judgment – with his duties under section 42 DPA to assess processing) that it was unlikely that the bank had complied with its DPA obligation. This clearly carried weight for the judge (as did the Guidance).

Another interesting point is that, in assessing the remedy for the contravention, the judge followed the (compelling) dicta of Tugendhat J in Vidal -Hall & Ors v Google Inc [2014] EWHC 13 (QB) and awarded compensation  for what was non-pecuniary damage of £1000, in recognition of the trouble to which the claimant had been put in pursuing the matter and bringing the claim. The claimant was also successful in an application under section 14(1) DPA for erasure/destruction of the default on his credit reference files.

Vidal-Hall has not yet come to trial. If, when it does, Tugendhat J’s “preliminary view” that “damage in s.13 does include non-pecuniary damage” is upheld, it could lead to a rush of similar claims being made.