Rocio Concha, Which? Director of Policy and Advocacy, said:
“This will be disappointing news for millions of consumers who may now struggle to get redress for potentially having had their personal data exploited by Google.
“People who have suffered from data breaches must be able to hold big companies to account and get the redress they deserve. Which? has repeatedly called for consumers to have an easier route to redress when they suffer from data breaches.
“The government must allow for an opt-out collective redress regime which would mean that affected victims would be automatically included in the action and be represented by a body bringing the claim on behalf of those affected.”
Notes to editors
The government has the power to facilitate better redress by implementing Article 80(2) GDPR but it decided against doing so in its review of the Data Protection Act 2018. This change would allow not-for-profit organisations to bring collective redress actions on behalf of people on an ‘opt-out’ basis, without those consumers each having to bring – or to appoint a representative body to bring – an individual case against the company involved.