The UK Supreme Court handed down its much-anticipated decision in the Lloyd v Google LLC [2021] UKSC 50 case on 10 November 2021 restricting claimants’ ability to bring data privacy class actions in the UK under the (now repealed) Data Protection Act 1998 (DPA 1998). This decision will be persuasive (though not binding) with respect to similar class actions brought under the (in-force) UK General Data Protection Regulation and the Data Protection Act 2018 (collectively, the UK GDPR). This decision will not directly impact litigation brought under the EU General Data Protection Regulation in EU member states.
Steven Baker
Steven Baker is a partner in the Litigation department and a member of the International Arbitration group. He has over 25 years of experience advising clients on complex, often multi-jurisdictional disputes in a wide range of industries, including asset management, technology, life sciences, financial services and defence sectors. He also has extensive experience advising upon and managing disputes for clients involving major technology or telecommunications projects and their financing, technology licensing and misappropriation of trade secrets.
Steven is ranked as a leading litigator for banking and financial services litigation in both Legal 500 and Chambers & Partners, who comment that “Steven is a tremendous litigator – he is very clever and efficient and handles multiple clients well” as well as being ”very thoughtful, very into the detail, but equally takes a very commercial stance”, “Very good at running complex commercial disputes, very bright and a pleasure to deal with” and “has a really good grasp of complex banking litigation.” He was named by Benchmark Litigation as its inaugural "UK Lawyer of the Year" in 2019 as well as a National Litigation Star (2019-2021). He was also designated a Client Services All-Star by the BTI Consulting Group, which selects lawyers who "deliver outstanding legal skills and superior client services" based on interviews with legal corporate counsel at the world's leading organizations.
Steven lectures on dispute resolution-related matters, including on the M. Sc. Major Projects course at Said Business School, University of Oxford. He is also the co-author of a leading publication on technology disputes entitled, “IT Contracts and Dispute Management: A Practitioner's Guide to the Project Lifecycle”, a second edition having been commissioned.
English High Court Clarifies Appropriate Causes of Action in Data Claim Where Defendant Was a Victim of Third-Party Cyber-Attack
In the recent and significant Warren v DSG Retail Ltd [2021] EWHC 2168 (QB) decision the High Court in England clarified the limited circumstances in which claims for breach of confidence, misuse of private information and the tort of negligence might be advanced by individuals for compensation for distress relating to a cyber-security breach where the proposed defendant was itself a victim of a third-party cyber-attack. The decision has made it harder to bring free standing/non-statutory cyber-security breach claims in England and Wales where the proposed defendant has not positively caused the breach, and has also brought into question how such claims may be funded going forward (particularly, via “After-the-Event insurance” (“ATE insurance”)).