United Kingdom: Issued ruling on Driver v Crown Prosecution Service for data breach

On 10 October 2022, the High Court of England and Wales issued a judgement on “Driver v Crown Prosecution Service”. The claimant, a local politician in Lancashire County, sought damages not exceeding GBP 2000. The claim arises out of an email made public by a Crown Prosecution Service lawyer in June 2019 regarding a police investigation where the claimant was a suspect in a case of local government corruption in 2014. The claimant was cleared as a suspect in 2016. The claimant stated there was a breach of the GDPR and the UK Data Protection Act 2018 because the action constituted the unlawful processing of his personal data. The High Court found that the claimant failed to prove that he objectively had a reasonable expectation of privacy in relation to the information but accepted he might have experienced a “very modest degree of distress”. The High Court concluded that the data breach was at the lowest end of the spectrum and awarded the claimant damages of GPB 250.