NS Tech

Consumer groups call for right to seek compensation on behalf of data breach victims

This photo taken on January 7, 2010 shows a woman typing on the keyboard of her laptop computer in Beijing. China declared its Internet "open" on January 14 but defended censorship that has prompted Web giant Google to threaten to pull out of the country, sparking a potential new irritant in China-US relations. China employs a vast system of Web censorship dubbed the "Great Firewall of China" that blocks content such as political dissent, pornography and other information viewed as objectionable and the issue looks likely to shape up as the latest addition to a growing list of disputes between China and the United States over trade, climate change and human rights. AFP PHOTO / Frederic J. BROWN / AFP PHOTO / Frederic J. BROWN (Photo credit should read FREDERIC J. BROWN/AFP/Getty Images)

A coalition of consumer groups are lobbying the government for the right to seek compensation on behalf of the victims of data breaches.

The privacy and consumer rights advocates are writing to digital minister Matt Hancock to call for an amendment to the new Data Protection Bill.

They argue that the current version of the bill fails to deliver on the government’s promise to make it easier for victims of breaches to have a clearer “right of redress”.

“Implementing Article 80(2) of the General Data Protection Regulation (GDPR) would create a collective redress regime for breaches of data protection law,” they write.

“It provides a mechanism whereby serious breaches of data protection, which may affect the most vulnerable in society, are addressed and result in real change that benefits thousands if not millions of consumers in the UK.”

The letter, which NS Tech has seen, has been signed by executives from Which?, Open Rights Group, Age UK and Privacy International, among other organisations.

“Data breaches are now more commonplace and yet many people have no idea what to do or who to turn to when their personal data is compromised,” said Which?’s Alex Neill.

“The Government should use the Data Protection Bill to give independent bodies the power to seek collective redress on behalf of consumers when a company has failed to take sufficient action following a data breach.”

The Data Protection Bill is currently passing through parliament and enshrines in law the EU’s General Data Protection Regulation, which comes into force next year.

It follows a series of high profile breaches in recent months, including the Uber breach reported yesterday and the vast Equifax hack that was revealed in September.