The UK Supreme Court handed down its much-anticipated decision in the Lloyd v Google LLC  UKSC 50 case on 10 November 2021 restricting claimants’ ability to bring data privacy class actions in the UK under the (now repealed) Data Protection Act 1998 (DPA 1998). This decision will be persuasive (though not binding) with respect to similar class actions brought under the (in-force) UK General Data Protection Regulation and the Data Protection Act 2018 (collectively, the UK GDPR). This decision will not directly impact litigation brought under the EU General Data Protection Regulation in EU member states.
Julia Bihary is an associate in the Litigation Department with a focus on complex commercial litigation, arbitration, private wealth, trusts and charities disputes.
Her recent experience includes advising corporate clients, high-net-worth individuals, fund managers and charities in a variety of disputes including international arbitrations, commercial, contractual and professional negligence disputes.
Julia is a solicitor advocate with Higher Rights of Audience.
She is fluent in English, Hungarian and German.
In the recent and significant Warren v DSG Retail Ltd  EWHC 2168 (QB) decision the High Court in England clarified the limited circumstances in which claims for breach of confidence, misuse of private information and the tort of negligence might be advanced by individuals for compensation for distress relating to a cyber-security breach where the proposed defendant was itself a victim of a third-party cyber-attack. The decision has made it harder to bring free standing/non-statutory cyber-security breach claims in England and Wales where the proposed defendant has not positively caused the breach, and has also brought into question how such claims may be funded going forward (particularly, via “After-the-Event insurance” (“ATE insurance”)).