Data Breach

The world’s most valuable resource isn’t oil—it’s data. In particular, YOUR data. Just like oil, the right to extract personal data is heavily regulated.

Almost every interaction you have with any organisation involves you sharing personal data such as your name, address, email address, and date of birth. You share data online, too. Every time you buy something online, use social media, or visit a website, you’re handing over valuable personal data. You may not even realise how much data you are giving away or how much that data is worth. If you are not paying for the site with your credit card, you will be paying for it with your data. And when organisations do not protect your data, you could pay an even higher price. 

European Data Law and Your Data Rights

In many ways, the use of personal data is beneficial to internet users. The FANG companies (Facebook, Amazon, Netflix, and Google), for example, harness data to deliver better, more personalized services and products.

Due to the increasing importance of data to the economy and to individuals, European Data Protection Law has evolved to protect consumers and create powerful enforceable rights in relation to their personal data. But in some cases, companies fail to protect or process your data in accordance with the law. Often, they do so for their own self-interest and enormous financial gain.

One high profile example is the “Safari Workaround.” We are representing 4.4m British iPhone users who we allege had their data processed unlawfully by Google in 2011. The claim against Google is the largest data claim in the UK and is heading to the Supreme Court in early 2021.

We do not expect this to be the end of the story. Only 55 percent of EU firms (including UK firms) claim to be fully compliant with the EU’s General Data Protection Regulation (GDPR). Under the GDPR, all UK organizations are required to report data breaches to the Information Commissioner’s Office (ICO) within 72 hours of the breach occurring. Organizations are also required to notify customers as soon as possible if there is a risk of data breaches causing harm to individuals’ rights and freedoms, as well as keep detailed records of known breaches and maintain security measures to prevent them. 

It’s not just commercial organizations that are subject to data breaches, either. The ICO has also been investigating government bodies such as police departments, NHS Trusts, and Academic Trusts for suspected breaches. 

Milberg London will continue to scrutinise the conduct of organizations and their compliance with GDPR. When they fail to adequately safeguard personal data, it is vital that we hold these organizations to account and obtain fair compensation for the harm caused.

Data Breach Group Litigation

Group litigation is similar to what American lawyers calls a “class action lawsuit.” It offers strength in numbers and lower legal costs for those who join together. Data breach group litigation claims are increasingly common in UK courts. 

If your data has been unlawfully processed or leaked, you may be entitled to compensation for the loss of control of your data. You could receive compensation for financial harm resulting from the data breach, as well as for emotional distress—even if the breach did not cause you any financial harm. 

You Owe Us

You Owe Us is a group that aims to show that the world’s biggest companies are not above the law.

We act on behalf of Richard Lloyd (former Executive Director of Which?) in the representative group action against Google and Alvin Carpio (human rights campaigner) in the claim against Facebook. 

For more information and to see if you were affected please visit our websites: