Court gives green light for class action over British Airways data breach

rradar CDIL solicitor David Sinclair explains the significance of the High Court's recent decision.

Only a week after the Court of Appeal gave the go-ahead to a class action claim for damages in the Lloyd v Google case over Google’s misuse of personal data collected through Apple’s Safari, the High Court has this week (4th October 2019) granted a Group Litigation Order paving the way for a customer class action against British Airways.

The High Court Order follows the hacking of British Airways’ (BA) booking app and website in September 2018, with the loss of around 500,000 customer personal data (including approximately 380,000 credit/debit card and other financial details).

Following the breach, the Information Commissioner’s Office (ICO) undertook an investigation and in July 2019, it announced that it was imposing a £183.39 million monetary penalty on BA for its breach of the General Data Protection Regulation (GDPR). The ICO found that people’s personal data had been compromised by BA’s poor security arrangements and that the data breach was more extensive and had continued for longer than it had previously reported. BA is currently appealing the penalty.

The High Court’s granting of the Group Litigation Order gives claimants’ solicitors the go-ahead to bring class action in the High Court under the newly-revised Civil Procedure Rules practice direction to claim compensation on behalf of the BA customers affected by the data breach for their distress, suffering and inconvenience caused by the data loss.