In a welcome move for defendants, the CFA regime for privacy claims finally caught up with the rest of the litigation world on 6 April. From this date, a solicitor’s success fee under a new conditional fee agreement (CFA) will no longer be recoverable from the losing party in publication and privacy proceedings. The change is expected to lead to a reduction of purely speculative claims for data breaches made by “no win no fee” claimant solicitors.

The ancien regime

Since April 2013, a CFA’s success fee has not been recoverable from the unsuccessful party for the majority of litigated claims pursuant to s.44 of the Legal Aid, Sentencing and Punishment of Offenders Act 2012 (“LASPO”). However, pursuant to S.I. 2013/689, there has been an exemption for CFAs in certain categories of claims, including “publication and privacy proceedings”, which is defined as proceedings for “(a) defamation; (b) malicious falsehood; (c) breach of confidence involving publication to the general public; (d) misuse of private information; or (e) harassment, where the defendant is a news publisher”.

Before removing the exemption for these cases, the government wanted to first decide whether to implement qualified one way costs shifting (QOCS), as recommended by the Leveson Inquiry in 2012. In the meantime claimant solicitors have been increasingly using the publication and privacy exemption that was primarily intended for media cases, by joining claims that were ostensibly for breaches of the Data Protection Act (1998 or 2018) with claims for breach of confidence and misuse of private information. The financial risk of having to pay a the claimant’s success fee can often outweigh the merits and quantum of a modest claim and force settlement.

The new order

In November, the government finally passed legislation (S.I. 2018/1287) reforming the costs protection regime for publication and privacy claims. It concluded that a more pragmatic approach should be taken than QOCS. Instead, for new CFAs entered into from 6 April, the success fee will no longer be recoverable from the losing party. Concerns over the impact on access to justice may be slightly mitigated by the fact that claimants can still seek to recover after the event insurance (ATE) premiums.

For defendant parties, this reform is long overdue. From a data breach perspective, it is hoped that it will lead to a reduction in opportunistic small claims for technical breaches that tend to be disproportionately costly to contest. It remains to be seen whether the changes will increase the number of third party litigation funders who are already active in the data breach litigation space (see Lloyd v Google [2018]). We also look forward to seeing whether claimant solicitors will now start to solely bring claims under specific data protection legislation, as there is less incentive to join common law claims for breach of confidence and misuse of private information, which are derived from media and defamation cases where the legal principles do not always fit with data breach claims.