[ad_1]
Google Wins Privacy Lawsuit Over Misuse of NHS Patients’ Data
A London court has dismissed a lawsuit filed against Google and its AI division, DeepMind, that sought compensation for the misuse of NHS patients’ medical records. The complainant sought to bring a representative action on behalf of the approximately 1.6 million individuals whose medical records were passed to DeepMind without their knowledge or consent. The Royal Free NHS Trust engaged the Google-owned AI firm, which passed patient data to co-develop an app for detecting acute kidney injury. The UK’s data protection watchdog later found the Trust had lacked a lawful basis for the processing.
The complainants sued for damages for the unlawful use of patients’ confidential medical data. In a judgment issued today by the Royal Courts of Justice in London, Justice Heather Williams dismissed the case on the grounds that it did not meet the bar for bringing a representative action, which requires the claim to be based on general circumstances that apply to the entire class. Therefore the claim would be bound to fail. Even seeking “lowest common denominator damages” for each member of the class did not pass muster, as the judge identified “many relevant variables” between class members and judged there to be overwhelming challenges in establishing a viable claim.
Challenges Facing Class-Action Style Compensation Claims for Privacy Breaches in the UK
The decision underscores the hurdles facing class-action-style compensation claims for privacy breaches in the UK. Bringing a legal claim for damages as an individual remains prohibitively expensive. The lack of a clear route for UK citizens to pursue class-action-style litigation over privacy harms means that there are very limited options for them to obtain redress for the misuse of their data.
Google’s Previous Class-Action Style Privacy Lawsuit in the UK
This is not the first time that a class-action-style privacy damages claim against Google has run aground in the UK. In 2019, the Supreme Court definitively blocked another representative action brought by a consumer rights campaigner in relation to a workaround Google had allegedly applied to override iPhone users’ privacy settings in Apple’s Safari browser between 2011 and 2012. An earlier attempt by Andrew Prismall to bring a representative claim against Google and DeepMind under UK data protection law was also abandoned following Google’s aforementioned Supreme Court win. He then refiled the claim, under the common law tort of misuse of private information, only for that case to be dismissed.
European Union Legal Landscape
UK citizens have limited options to obtain redress for the misuse of their data. It is an increasingly different picture in the European Union where a Collective Redress Directive was passed back in 2020 that’s due to enter into force next month. This law is aimed at bolstering consumer rights by making it easier for the bloc’s citizens to bring representative actions and sue collectively over breaches of their rights. Another incoming change to EU product liability rules is intended to make it easier for people to sue for damages caused by software and AI systems, including for breaches of fundamental rights like privacy. A recent judgement by the Court of Justice of the EU also established that the bloc’s data protection framework does not set a threshold for harm for a breach compensation claim.
FAQs
What was the lawsuit about?
The lawsuit filed against Google and its AI division, DeepMind, sought compensation for the misuse of NHS patients’ medical records. The Royal Free NHS Trust engaged DeepMind, which passed patient data to co-develop an app for detecting acute kidney injury. The UK’s data protection watchdog later found the Trust had lacked a lawful basis for the processing.
What was the ruling?
The Royal Courts of Justice in London dismissed the case on the grounds that it did not meet the bar for bringing a representative action, which requires the claim to be based on general circumstances that apply to the entire class. Therefore the claim would be bound to fail.
Why are UK citizens limited in their options to obtain redress for the misuse of their data?
Bringing a legal claim for damages as an individual remains prohibitively expensive. The lack of a clear route for UK citizens to pursue class-action-style litigation over privacy harms means there are very limited options for them to obtain redress for the misuse of their data.
What legal options are available for EU citizens?
EU citizens have legal options such as the Collective Redress Directive that makes it easier for bloc’s citizens to bring representative actions and sue collectively over breaches of their rights. Another incoming change to EU product liability rules is intended to make it easier for people to sue for damages caused by software and AI systems, including for breaches of fundamental rights like privacy. A recent judgement by the Court of Justice of the EU also established that the bloc’s data protection framework does not set a threshold for harm for a breach compensation claim.
[ad_2]
For more information, please refer this link