Global menu

Our global pages


Data privacy: UK Government launches consultation on group claims

  • United Kingdom
  • Financial services disputes and investigations
  • Litigation and dispute management
  • Privacy, data protection and cybersecurity


The UK Government has launched a consultation on whether  to allow non-profit organisations to bring representative claims, including seeking compensation, on behalf of individuals affected by a personal data breach.

While Member States were granted the flexibility to allow representative actions by non-profits under the GDPR, the UK Data Protection Act currently only allows such claims to be brought with the affected individuals’ authorisation, and does not allow multiple claims to be combined into a group action. The UK Government’s consultation will review those arrangements, including whether non-profits should be able to represent affected individuals without their authorisation by way of group claims.

The current social, economic and political environment raises a number of issues which are particularly relevant to the consultation, including the adequacy of the UK data protection regime following Schrems II and Brexit, the forthcoming Supreme Court decisions in Lloyd v Google and Merricks v Mastercard, and a recent rise in cyber-crime driven by increased home working and digitalisation. A surge in funded data-related class actions, following breaches affecting major firms such as the Marriott hotel chain, makes the Government’s consultation all the more timely.