Mark Halliday – Court Ruling (United Kingdom, 2013)

A data subject (the claimant) purchased a television on credit through a financial services provider (the controller). Following a dispute, a court approved a consent order in February 2008 requiring the controller to discharge the credit agreement and delete all related data. Despite this order, the controller made erroneous data entries falsely showing the data subject owed £1,500 and transmitted this incorrect information to a credit reference agency (Equifax) between February and October 2008. When the data subject discovered the incorrect entries in May 2008, the false data remained on his credit file for approximately four months after discovery before removal in October 2008. The data subject had not complained immediately, only writing to the controller in July after checking again in June. The controller failed to defend against the data subject's counterclaim alleging breaches of the Data Protection Act 1998, resulting in a judgment in default. The Court of Appeal held that nominal damages satisfy the "damage" requirement under section 13(1) of the Data Protection Act 1998, thereby enabling a claim for distress damages under section 13(2) without proving substantial financial loss. The Court awarded £1 in nominal damages and £750 in damages for distress, establishing that frustration caused by breaches of important data protection principles merits compensation. The Court rejected applying discrimination law damages bands to data protection cases and confirmed that compensation aims to adequately remedy breaches, not to punish. The decision establishes that even single-episode breaches involving inaccurate data shared with third parties can warrant substantial non-material damages where the data subject suffered distress from the violation.