Privacy and private information has been a rapidly expanding area of UK law for the past decade and a half, gradually recognising and affording greater protection to individuals in respect of their privacy and personal life. This has largely been driven by the Human Rights Act (the 'HRA') which brought the rights contained in the European Convention on Human Rights and Fundamental Freedoms within the scope of domestic legislation.
A number of high profile cases recently have helped develop this area of law but it is clear that there is still a long way to go.
Background to privacy law
Surprising as it may seem, there is, and never has been, such a thing as a “law of privacy” in the UK. The CoA first expressed its regret that there was no law of privacy in the case of Kaye v Robertson when the ‘Allo ‘Allo actor, Gordon Kaye, tried to sue for breach of privacy in the 1990s. Following the more recent House of Lords decision in Wainwright v Home Office in 2003, it is unlikely that without legislative intervention, there ever will be a specific “privacy law”.
For many years the closest English law came to giving protection to privacy and private information was through the cause of action of breach of confidence.
The English courts have, however, in typical fashion, developed the existing and established common law to provide an acceptable solution to this conundrum.
Two recent and prominent decisions have taken this development further:
- the Court of Appeal ('CoA') in Google v Vidal-Hall & others has: recognised that misuse of private information is a tort; and extended the scope of damages available for breach of the Data Protection Act.
- the High Court has also very recently in the case of Gulati & others v MGN Limited awarded record damages for breaches of privacy in the Mirror phone-hacking scandal.
This is good news for claimants whose privacy has been invaded. However, what is the legal significance of these developments? What can we expect next? And does the promised repeal of the HRA now threaten to unwind these gains and make life more difficult for potential claimants?
What is the classification of cause of action?
Despite these developments and the recognition of the cause of action of misuse of private information, its categorisation has remained unclear. Lord Nicholls in Campbell referred to it as a tort. Other cases have also suggested that it might be a tort. There has, however, been no formal recognition of that categorisation, and others have reached the opposite conclusion, including Lord Phillips MR in Douglas v Hello! (No. 3): “We have concluded, however, albeit not without hesitation, that the effect of shoe-horning this type of claim into the cause of action of breach of confidence means that it does not fall to be treated as a tort under English law”.
What is the approach of the Courts?
In the recent case of Google v Vidal-Hall, the CoA approved the first instance judgment of Tugendhat J and confirmed that the cause of action is indeed a tort.
The case concerned an application to serve out of the jurisdiction and was dependent upon misuse of private information being classed as a tort and so falling within the “jurisdictional gateway” of CPR 6B PD3.1(9). The categorisation of the claim was therefore paramount since, if it was a tort, the application to serve out would succeed; if not so classified, the application would fail.
Can you get damages?
The claimants in Vidall-Hall claimed that the actions of Google had breached the provisions of the Data Protection Act (the 'DPA'). The DPA is aimed at safeguarding privacy rights of individuals and provides an important springboard for potential claimants where those privacy rights have been abused. The DPA provides a number of protections for individuals with regard to the processing of personal data and the free movement of such data. Where the DPA has been breached, damages may be sought from the “data controller” responsible for the breach. Vidall-Hall was concerned with assessing the scope of damages that a claimant could seek where it had suffered distress but had suffered no pecuniary loss.
In Gulati it appears as though the courts have finally accepted that compensatory damages are an appropriate remedy to award where there has been an egregious invasion of privacy. In this case, the judge (Mann J) awarded damages to claimants well into six-figure sums (with the actress Sadie Frost being awarded £260,000). These sums dwarf the £60,000 which was awarded to Max Mosley in 2008 which, at the time, was a record-breaking amount.
The law of privacy has a long way still to go
The law of privacy is still relatively new; it has come a long way in a relatively short space of time. It undoubtedly has a long way still to go.