In Cleary v Marston (Holdings) Ltd [2021] EWHC 3809 (QB),1 the High Court ordered the transfer of a data breach claim from the High Court to the small claims track in the County Court, holding that:

  • low-value data protection claims with little factual and legal dispute or complexity are capable of being dealt with fairly by the County Court;
  • a data breach claim with a straightforward single cause of action should not be overcomplicated with additional causes of action; and
  • a declaration should not be sought as a form of remedy in a media and communications claim unless there is an exceptional justification for one.

Background

The claimant sought damages after an employee of the defendant mistakenly sent an email that was intended for the claimant, to another colleague.

The defendant admitted that the email had been sent in error but maintained that the recipient had not read the document. This latter point was the only factual dispute of the case.2

Claim

The claim was issued in the High Court. The claim was brought on three grounds:

  • breach of data protection legislation
  • misuse of private information
  • breach of confidence

The claimant also sought a declaration that “the processing of the Claimant’s information… constituted a misuse of private information and/or breach of data protection (sic).”

The claimant’s cost budget indicated anticipated legal costs through to trial of GBP46,908. The claim was valued at GBP3,000.

Case management hearing

Before the case management conference, the claimant’s solicitors were directed to explain, among other things, why the claim had been issued in the High Court and the basis of the claim for a declaration.

The claimant contended that High Court proceedings were justified as their claim centred around misuse of private information, breach of confidence, and breach of data protection falling under the scope of the specialist Media and Communications List under CPR 53.1, warranting a specialist judge. Further, the remedy of a declaration was sought due to this being a “developing area of law.”

Decision

Justice Nicklin held:

  • A category of “non-defamation media and communications claims” is capable of being tried in the County Court.3 The current claim fell under this category due to fact that “the damages sought are relatively low” and the “the claim does not have any particular [legal or factual] complexity” that cannot be dealt with by the County Court or small claims track. Further, the question of whether the recipient of the letter read the contents, and the defendant’s knowledge of this, are of “limited compass” and, again, can be fairly resolved by the County Court should they remain in dispute.
  • Out of the three causes of action proposed by the claimant, data protection is the most straightforward. The addition of misuse of data and breach of confidence should not have been included as they provide a less straightforward remedy and overcomplicate the claim.
  • A declaration was not appropriate in this case. There is no “coherent argument” as to why this remedy ought to be granted, particularly given the same effect can be achieved through the judgment of the court.
  • While the court’s decision to allocate low-value data breach cases to the County Court may present wider policy concerns for claimants attempting to find representation and a lack of recoverability of ATE premiums, this cannot affect the decision of allocation itself. In any case, “no ordinary litigant would incur costs approaching GBP50,000 in order to recover GBP3,000.”

Important takeaways from the Judgement

  • Low-value data protection claims with little factual and legal complexity ought to be commenced in the County Court. It will be for a district judge to conclude whether the claim can be dealt with through the small claims track, or allocated elsewhere.
  • Data breach claims that include multiple causes of action should be presented in the most straightforward manner. It’s important to consider which claims ought to be included, and whether it would be in the best interests of the claimant to pursue all causes of action when this may have the effect of overcomplicating a claim.

Comment

The judgment provides a further welcome decision on the appropriate forum of low value data protection claims, following the decisions in a number of similar claims such as Warren v DSG, Rolfe v Veale, Johnson v Eastlight, and Underwood v Bounty. Finally, the judge was highly critical of threats by the claimant’s solicitors in pre-action correspondence that legitimate arguments as to procedural allocation could be something that could sound in aggravated damages: they could not. In light of the clear dicta by the court in Cleary and the judgments cited above, it’s clear more than ever that threats of High Court proceedings, and commencing such claims in that venue, are inappropriate.