Closing off the Warren of Negligence Claims for Data Breaches

O'Dell, Eoin

doi:10.2139/ssrn.4703875

Download This Paper

Open PDF in Browser

Add Paper to My Library

Closing off the Warren of Negligence Claims for Data Breaches

Damian Clifford, Kwan Ho Lau & Jeannie Marie Paterson (editors) Data and Private Law (Hart Studies in Private Law, Bloomsbury, 2023) chapter 10; pp161-174.

18 Pages Posted: 7 Mar 2024

See all articles by Eoin O'Dell

Eoin O'Dell

Trinity College (Dublin)

Date Written: 2023

Abstract

Large databases of personal data are increasingly vulnerable to hacks. Arising out of the biggest data breach in the United Kingdom’s history, the claimant in Warren v DSG Retail Ltd [2021] EWHC 2168 (QB) (30 July 2021) sought damages for distress for breach of data protection legislation, misuse of private information, and breach of a duty of care in negligence. Saini J dismissed the negligence claim because there is neither need nor warrant to impose such a duty of care where there exists a bespoke statutory regime. But this is an incoherent policy, inconsistently applied. Moreover, it ought not to operate at all in cases where the defendant has voluntarily assumed responsibility towards the claimant. Nevertheless, after Warren, the tort of negligence provides no incentive for the controllers of large databases to protect them.

Keywords: Data breach, privacy, data protection, GDPR, misuse of private information, tort of negligence, duty of care, voluntary assumption of responsibility, special relationship, policy bar, Warren.

JEL Classification: K13

Suggested Citation: Suggested Citation

O'Dell, Eoin, Closing off the Warren of Negligence Claims for Data Breaches ( 2023). Damian Clifford, Kwan Ho Lau & Jeannie Marie Paterson (editors) Data and Private Law (Hart Studies in Private Law, Bloomsbury, 2023) chapter 10; pp161-174. , Available at SSRN: https://ssrn.com/abstract=4703875 or http://dx.doi.org/10.2139/ssrn.4703875