A Scottish couple have been awarded damages of more than £17,000 in total for the "extreme stress" they suffered as a result of the "highly intrusive" use of CCTV systems by the owner of a neighbouring property.
Debbie and Tony Woolley were awarded £8,634 each after Sheriff Ross, in a ruling issued at Edinburgh Sheriff Court, said that the processing of personal data gathered from Nahid Akram's video and audio recording equipment was "intrusive, excessive and unjustified" and "unnecessary in relation to any legitimate purpose".
He said Akram, in her capacity as data controller for her guest house business, was responsible for a number of breaches of the Data Protection Act.
It is thought to be the first time that a court in the UK has awarded damages to account purely for the distress caused by a breach of UK data protection laws.
According to the ruling, a dispute broke out between the Woolleys and Akram over the use of Akram's property as a guest house, which she runs as a business and which her husband manages. The Akram guest house is downstairs from the Woolley's flat. Both the Woolleys and Akram subsequently installed CCTV systems outside their respective properties.
While the Woolley's equipment "records images of their own external property only", Akram installed "video and audio recording equipment" which allowed her, and her husband, to monitor comings and goings at the Woolley's property and to listen in to conversations in their private garden, according to the ruling. The equipment used by Akram was capable of storing five days' worth of data at any one time.
The Sheriff described "the regime of surveillance" that the Woolleys were subjected to as "extravagant, unjustified and highly visible" and as "an effort to oppress". He said that the Woolleys and their family had "suffered considerable distress" since Akram's equipment had been installed in about October 2013 and that it is "difficult to conceive" a more intrusive case of surveillance.
"They have all been severely restricted in the use and enjoyment of their own home," Sheriff Ross said. "They voluntarily restrict their external movements. They restrict their conversations, both inside and outside their home, as they are aware that they are being recorded and do not know the extent of the coverage. They require to warn visitors about the coverage. They cannot use their rear garden at all, as they do not want their activities to be recorded. They have suffered extreme stress as a result of [Akram's] unfair processing of their personal data."
Sheriff Ross said Akram had breached rules set out in the Data Protection Act that require personal data to be processed fairly and lawfully, as well as those that require personal data to be "adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed". She also breached the part of the Act that requires personal data to be retained for no longer than is necessary for the purpose or purposes for which it has been processed, according to the judgment. In his ruling, Sheriff Ross referred to a 2015 judgment issued by the Court of Appeal in London, the Google v Vidal-Hall case, which he said gave the Woolleys a right to claim compensation.
Until that 2015 ruling, it was the generally accepted position that people who did not incur a financial loss from a breach of the Data Protection Act were not eligible for compensation by way of remedy for that breach. However, the Court of Appeal in London said that position was not consistent with EU law.
It now means that, under the Data Protection Act, data subjects have a right to claim compensation if they suffer damage or distress as a result of violations of a section of the Act by organisations that hold their personal data. Organisations do have a defence to this right to compensation if they can "prove that [they] had taken such care as in all the circumstances was reasonably required to comply with the requirement [that it is alleged to have breached]".
Sheriff Ross accepted a method for calculating the damages to be paid in this case which had been suggested by the Woolleys. Compensation was granted on the basis of £10 for each day that the Woolleys' data had been processed in breach of the Data Protection Act, with a deduction being made for one month's worth of days per year to account for days where the Woolleys were "likely to be absent from the property, for example on holiday".
The Sheriff said, though, that it would be beneficial for an "authoritative decision" to be issued on the correct method for calculating damages in similar cases in future.
Dispute resolution specialist Jim Cormack of Pinsent Masons, the law firm behind Out-Law.com, said that there is an "alternative and, arguably, legally better approach" to calculating damages for distress than the one the Woolleys adopted in this case.
"In my view, it would have been open for the pursuers to sue for a lump sum, much as would be done for the relevant element of a personal injury case, and for the Court to make a broader assessment of the figure to be awarded, representing the positive view of the Court as to the appropriate figure for compensation overall," Cormack said. "Damages for distress arguably do not need to be quantified with the same level of precision as other heads of damage and indeed it may be said that the nature of damages for distress is such that only a broader assessment can be made. It will be interesting to see if the approach of a daily figure adopted in this case is followed in future cases.”
Copyright © 2016, Out-Law.com
Out-Law.com is part of international law firm Pinsent Masons.
Sponsored: Webcast: Ransomware has gone nuclear