CIPL Submits Response to DCMS Consultation on Representative Actions
Thursday, November 5, 2020
scales of justice
Print Mail Download i

On October 22, 2020, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted its response to the UK Department for Digital, Culture, Media and Sport (“DCMS”) call for views and evidence on its review of representative actions under Section 189 of the Data Protection Act 2018 (“DPA”). Section 189 requires the UK government to review the operation of the representative action provisions of the DPA and provide a report to Parliament by November 25, 2020.

In particular, the call for views focused on the current operation of the DPA provisions that permit individuals to authorize not-for-profit organizations to lodge complaints with the UK Information Commissioner’s Office (“ICO”) or to act on their behalf in court proceedings. The call also addressed the question of whether to introduce new provisions to permit organizations to act on behalf of individuals without express authorization.

After consulting with its members, CIPL submitted the following feedback, among other observations:

  • The existing avenues for legal redress provided by the current data protection regime, which include the ability for individuals to bring individual claims in the High Court, opt in to a group action, or opt out of a representative action, are sufficient and should not be expanded without evidence that doing so would have clear benefits. It is likely that allowing for an expansion of these legal redress options would result in the diversion of resources and investment away from internal compliance programs, when the interests of data subjects would be better served by the proactive compliance activities of organizations, such as investment in improving complaints handling processes.

  • The ICO, rather than the courts, should be the first port of call for data protection complaints. As an experienced and active regulator, the ICO is better placed to receive and resolve such complaints, and is more likely to produce a result that appropriately protects and enhances the fundamental interests of individuals under data protection legislation.

  • The ICO should be given time to employ the expanded powers provided under the DPA, and for the relatively new avenues of legal redress to be established, before any further expansion. These existing avenues have seen significant use since the GDPR’s implementation in May 2018–for example, the ICO received approximately 40,000 data subject complaints in each of the past two years. In CIPL’s view, these existing avenues are sufficient. If they were to be expanded, the creation of an ombudsman or certification bodies would be more appropriate forms of redress than an additional route for claims to be made through the court system.

  • Instead of expanding already sufficient legal avenues for redress and casting organizations and data subjects as adversarial, the focus should be directed towards facilitating greater transparency and better management of data subject rights, complaints procedures from organizations and data literacy among data subjects, so that the latter are able to fully understand their rights and exercise them directly when necessary.

  • Representative actions do not necessarily allow for the measurement of true loss suffered by an individual, especially where data subjects are not even consulted. For example, while some individuals may feel greatly damaged by a data breach, others may consider the risk of a breach to be simply a part of the dynamic of engaging with the digital environment, and a necessary trade-off for the benefit of using the relevant services. Other data subjects may suffer much greater loss, but be forced to settle for a lesser claim due to the fact that a common loss must be established among all claimants in a class. In such cases, the ICO is better placed to assess the true impact on data subjects than the court system.

  • Given the significant role that data use plays in innovation and economic and societal growth, the UK should focus on ensuring that it remains competitive in the global market. This includes ensuring appropriate and effective means for protecting personal data. While representative actions have a role to play in this, regulatory intervention may be more effective in shaping responsible data handling.

Download a copy of CIPL’s full response.

Copyright © 2024, Hunton Andrews Kurth LLP. All Rights Reserved.

Current Legal Analysis

More from Hunton Andrews Kurth

NEW Frequently Asked Questions About EPA’s Expansive PFAS Reporting Rule Under the Toxic Substances Control Act
by: Gregory R. Wall , Matthew Z. Leopold
Colorado Amends Privacy Act with H.B. 1058, Adding New Protections for Biological and Neural Data
by: Hunton Andrews Kurth’s Privacy and Cybersecurity
Nebraska Enacts Comprehensive State Privacy Law
by: Hunton Andrews Kurth’s Privacy and Cybersecurity
June 2024 Visa Bulletin – Minor Advances for EB-3/Other Workers India; Retrogression Forecast for EB-2/EB-3 Worldwide Starting July
by: Immigration & Nationality Law Practice
Unpacking Recent Supreme Court Case and the Implications for Development Impact Fees
by: Fawaz A. Bham , Javier De Luna
Supreme Court Hears Oral Argument in Starbucks v. McKinney regarding Preliminary Injunctions Granted Against Employers
by: Kurt G. Larkin , Elizabeth King
Children’s Advertising Review Unit Issues Compliance Warning on AI in Child-Directed Advertising and Data Collection
by: Phyllis H. Marcus , Nicholas Drews
FDIC Proposes Changes to its Statement of Policy on Bank Merger Transactions and Provides Guidance on its Review Process
by: Heather Archer Eastep , Sumaira Shaikh
UK ICO and Ofcom Joint Statement on Regulation of Online Services
by: Hunton Andrews Kurth’s Privacy and Cybersecurity
Congress Extends Statute of Limitations for Sanctions Violations
by: Kevin E. Gaunt , Sevren R. Gourley

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins