Data Breach Litigation: What’s New In 2020? The Annual Report of the ICO for 2019 reported that EU- widespread penalties in the first year of the GDPR totaled 56 million euro. Since the release of this study in July 2019, there has been no evidence of this downturn. The first half of 2019 implementation activities were mostly relatively minor. Thus, with a fine of €50 million levied on Google in January by the French Data Regulator.
In 2020, this is expected to change. In July 2019, ICO released plans to fines for £183 million (1.5% of world sales) against BA and for £99.2 million against the Marriot Party (2.5 percent of global revenue). The ICO has now set a hallmark for its proposals to use its expanded GDPR capacities. Further, permit penalties of £17m or 4 percent on global revenues relative to the former threshold of £500,000. We expect it to be finalized at the beginning of 2020.
Drop in penalties
BA and Marriot are pending discussions with the ICO. Yet, we do not anticipate fines to be substantially cut down following the release of final notices. Higher sanctions are part of a worldwide trend. Especially, with Facebook fined the US Federal Trade Commission in July 2019 for $5 billion (around 8.3% of global sales, more than twice as high as GDPR). Since declaring its intent forced to do so by BA and Marriot’s monitoring obligations. Further, the ICO has simply closed down its colors to the master. Hence, a substantial drop in penalties will be for the newly assertive regulator a humiliating move down.
Litigation
There are various reasons why a spike in lawsuits after data breaches is fair to anticipate:
Enhanced understanding of data rights for the public;
Enlargement of intervention causes;
the absence of any loss requirement;
increasing inclination, when reporting data breaches, for PR reasons for companies to confess responsibility at the outset;
Regulators’ rising operation.
Court case sample
In 2019, they found important examples in the courts of such cases and the themes are to be explored by 2020. The court, for example, accepted a group arbitration order in the BA Shareholder Action. Further, granted the seeking entities 12 months after service of group information of claims (which must be released by 17 January 2020) to justify it. Claimant companies have reported per capita losses from £2000 to £6000. BA’s possible potential liability is massive (theoretically up to 3 billion pounds). Thereby, way above the threatened regulatory fine, with up to 500,000 potential plaintiffs, a well-known corporate defendant and a substantial press profile.
Group data litigation
Two Court of Appeal rulings have raised the realistic importance of the danger of group data litigation. In the decision of 2018, a rogue employee who leaked the confidential data of thousands of other workers in Multiple Plaintiffs v WM Morroison Supermarket claimed that a company could still be responsible where the ICO stated that it is irreparable. In the face of a lack of clarification on corporations’ willingness to protect against regulatory penalties, the proposed remedy–protection–of the court is powerless.
