Closing off the Warren of Negligence Claims for Data Breaches

I have just published “Closing off the Warren of Negligence Claims for Data Breaches” in Damian Clifford, Kwan Ho Lau & Jeannie Marie Paterson (editors) Data and Private Law (Hart Studies in Private Law, Bloomsbury, 2023) chapter 10; pp161-174 (available via SSRN). Here is the abstract:

Large databases of personal data are increasingly vulnerable to hacks. Arising out of the biggest data breach in the United Kingdom’s history, the claimant in Warren v DSG Retail Ltd [2021] EWHC 2168 (QB) (30 July 2021) sought damages for distress for breach of data protection legislation, misuse of private information, and breach of a duty of care in negligence. Saini J dismissed the negligence claim because there is neither need nor warrant to impose such a duty of care where there exists a bespoke statutory regime. But this is an incoherent policy, inconsistently applied. Moreover, it ought not to operate at all in cases where the defendant has voluntarily assumed responsibility towards the claimant. Nevertheless, after Warren, the tort of negligence provides no incentive for the controllers of large databases to protect them.

The cover of the book is above, right. It is very elegant. And this is one time where you really can judge the book by its cover. The publisher’s blurb says that it examines one of the fastest growing fields of regulation: data rights. The book moves debates about data beyond data and privacy protecting statutes. In doing so, it asks what private law may have to say about these issues and explores how private law may influence the interpretation and the form of legislation dealing with data. Over five parts it: sets out an overview of the themes and problems; explores theoretical justifications and challenges in understanding data; considers data through the perspective of cognate private law doctrines; assesses the contribution of private law in understanding individual rights; and finally examines the potential of private law in providing individual remedies for wrongful data use, supplementing the work of regulators. The essays are:

1. Introduction to Data and Private Law
Damian Clifford, Kwan Ho Lau and Jeannie Marie Paterson

2. Private Law, Technology and Governance
Roger Brownsword

3. Data in a Relational Setting
Sally Wheeler

4. The Predilection for Contract in Governing Digital Networks: Micro-Management’s Face Off with Accountability
Lee A Bygrave

5. Data Rights and Contract Law: Formation, Incorporation and Vitiating Factors
Damian Clifford and Jeannie Marie Paterson

6. Data Rights and Consumer Contracts: The Case of Personal Genomic Services (SSRN)
Shmuel I Becher and Andelka M Phillips

7. Private Law Rights Mechanisms for Consumer Data – Filling the Gaps
Chris Reed

8. Access to Platform Data and the Right to Research under US Law
Niva Elkin-Koren, Maayan Perel and Ohad Somech

9. Tort-Based Protections for Data Privacy
Jelena Gligorijevic

10. Closing Off the Warren of Negligence Claims for Data Breaches (SSRN)
Eoin O’Dell

11. Trust, Confidence and Data Rights
Megan Richardson

12. IP and Data, IP in Data, IP as Data
Kimberlee Weatherall

13. Duties for Datasets
Jerrold Soh Tsin Howe

14. Private Enforcement of Data Rights Through Direct Rights of Action: A Comparative Review
Normann Witzleb

15. Data Rights Incursions: Two Hurdles in the Pursuit of Damages
Kwan Ho Lau

Here is a photo of many of the authors at the launch in December (h/t Jeannie Marie Paterson, who is – entirely appropriately – front and centre, in the red jacket):

Data and Private Law launch