The Data Protection Act 1998 (DPA) is, as its regulator the Information Commissioner (IC) concedes, “complex and, in places, hard to understand”. Moreover, it has been observed that
there is…little case law…most damages claims under the DPA go to the County Court, where unless you were in the case it is hard to know that it happened or get hold of a judgment
To which one would add that, as most damages claims go no further than the County Court those cases we do hear about don’t set precedent anyway.
However, thanks to the website LegalBeagles we do now have another judgment which deals with the DPA, and which was handed down in June this year in the County Court at Taunton. In the judgment (.pdf, 12MB), in rather dense prose, Deputy District Judge Stockdale ruled on a money claim against Lloyds Bank for unfair bank charges (the primary claim) and a claim for damages under section 13 of the DPA. Holding that the specific bank charges between 2007 and 2009, for unauthorised overdraft facilities, were indeed unfair (for reasons I am rather ill-equipped to explore), the Judge went on to hold that the referral of a default to credit reference agencies was in breach of the first data protection principle (Schedule One, DPA) which obliged the bank to process the claimant’s personal data fairly (and lawfully). This was because, by reference to the then IC Guidance “Filing of defaults with credit reference agencies”, the relationship between the lender and the individual had not broken down.