Privacy Litigation in Europe: Successfully Challenges Fines & The Rise of Class Actions

Data privacy and security in Europe can no longer only be seen as a compliance topic. It has also become a broad field of litigation, for better or worse. The Lawyer and DocuSign recently hosted a webinar with experts from Bird & Bird and DocuSign to take a look at the status of privacy litigation in Europe.  

Recently, there have been significant changes in relation to privacy, and the webinar looks at the key trends driving the changes. It also explains how to successfully mitigate fines and layout strategies to effectively litigate against privacy class actions in Europe. The changes in relation to privacy are impacting the way organisations work. The panel of experts share practical tips for dealing with an increase in rules and regulations. The panel includes:

• Bryony Hurst - Partner - Dispute Resolution Group at Bird & Bird
• Ariane Mole - Partner - International Data Protection at Bird & Bird
• Cindy Rosser, Senior Director & AGC, Innovation Services & Regulatory Affairs at DocuSign
• Stuart Brock - Senior Agreement Cloud Strategy Practice Director

During the webinar, the panel highlights some of the impacts to data privacy, including data breaches, GDPR, Brexit and Privacy Shield, that have practical implications for many organisations both for enterprise-level and small and medium-sized businesses. Ariane and Bryony highlighted the key changes and trends for the rise in data privacy litigation:

• Regulatory & Privacy Awareness - There is much more awareness around privacy for individuals that can trigger more complaints to organisations and more enforcement actions. UK courts allow damages in principle for loss of control of your data. Other data violations include lack of transparency or lack of consent.

• Collective Actions - Prior to the implementation of GDPR it was rare to see collective actions in Europe, but it now happens frequently. In the UK and across Europe, collective actions from consumer associations and NGO’s or US-backed law firms are more frequent. The sophisticated US-backed claimant law firms have access to large amounts of litigation funding.
• Penalties are increasing - Ariane shared an example of the recent fines imposed on Amazon from the Luxembourg Data Protection. Penalties are increasing and aren’t limited to large multinationals - medium and small organisations are also being fined for violations. 
• A rise in claimant law firms - there is a rise in claimant law firms in the UK, some traditional law firms are organising around collective cases, but there is also an increase in claim management companies. Large and small actions for data violations are being funded.

Stuart Brock shared information on how organisations are preparing to tackle ongoing regulatory changes. Stuart discussed how many organisations use Artificial Intelligence to understand if all contracts are compliant and monitor and view contractual provisions in contracts. Using the DocuSign Agreement Cloud allows organisations to add regulatory amendments through contracts quickly and efficiently to tackle large and onerous groups of changes. If there is a data breach or infringement - DocuSign can help their customers understand what has gone wrong and help to put shutdown safety decisions and measures in place. Stuart says that existing DocuSign customers are well prepared to meet fast-moving situations because of the amount of insight that the platform provides. The evolving problems and the speed at which they arise suggest that they are best solved by sophisticated technology in the future.