Data breach claim transferred from High Court to County Court

This blog examines a recent case that highlights that the High Court is not necessarily suitable for low-value data breach claims. In Cleary v Marston (Holdings) Ltd [2021] EWHC 3809, the claimants issued their claim in the High Court on the basis that a specialist judge was required and that the very high legal costs would only be fully recoverable if the claim were handled by the High Court.  However, the judgment found that the straightforward nature of the case, including its factual matrix, meant that it was more appropriate for the County Court.

The facts were that Mr Cleary brought a claim against Marston (Holdings) Ltd ("Marston") after an employee of Marston sent a letter via email intended for Mr Cleary to another colleague who deleted the email on the same day.  The email contained Mr Cleary's personal data and he brought a claim for: (i) breach of data protection legislation; (ii) misuse of private information; and (ii) breach of confidence. 

The claimant sought damages of £3,000 and a declaration that "the processing of the Claimant's information … constituted a misuse of private information and/or breach of data protection". The Claimant issued the claim in High Court (despite the fact that the High Court is generally reserved only for claims valued at above £100,000) on the basis that a specialist judge was required in this developing area of law.

At a contested Case Management Conference, Mr Justice Nicklin ordered the claim be transferred to the small claims track and held the following as the key reasons:

  • On the submission of complexity, Nicklin, J found that data protection law was "not the most straightforward", however, that did not automatically require the claim to be heard in the High Court.  Indeed, Nicklin, J found that fact did not mean that the value of the damages were not the primary reason for allocation to the High Court.
  • In respect of the declaration, Nicklin J found that there was no "coherent argument" why that remedy should be granted. He added that the effect of the declaration, that there had been a misuse of private information or breach of data protection, was no different to that of a court judgment.

Marston serves as an important reminder (along with other low-value data breach claims that we have considered such as Warren v DSG Retail Limited [2021] EWHC 2168 (QB), Rolfe and others v Veale Wasbrough Vizards LLP [2021] EWHC 2809 (QB), Johnson v Eastlight [2021] EWHC 3069 and Underwood and another v Bounty UK Ltd and another [2022] EWHC 888 (QB)) that the High Court is not necessarily the appropriate forum for low-value data protection claims.  In addition, Nicklin's conclusion on the declaration is a helpful demonstration that the value of a declaration is no different from that of a judgment that reaches the same conclusion. 

As with other dismissals from the High Court of low-value data protection claims, organisations may welcome the judgment in Marston as taking a sensible approach to the handling of claims of this nature.