On 15 April 2019, the Supreme Court granted supermarket chain Morrisons permission to appeal against the Court of Appeal ruling that it was vicariously liable for its employee’s misuse of data in the first successful UK class action for a data breach.
Permission was granted on all grounds of appeal and the Supreme Court will principally consider:
- whether the common law doctrine of vicarious liability is excluded in cases that engage the data protection legislation (i.e. where the primary tortfeasor’s actions amounted to a breach by the tortfeasor of his or her own obligations under the data protection legislation);
- if the doctrine is excluded in respect of claims brought by reference to the data protection legislation, whether it is equally excluded in respect of any related common law or equitable causes of action; and
- if the doctrine is not excluded, whether the Court of Appeal in any event erred when it decided to uphold the conclusion that Morrisons was vicariously liable in the circumstances of the case.
This latest twist in the Morrisons tale follows the Court of Appeal dismissing an appeal against the High Court’s decision that Morrisons was vicariously liable for its employee’s misuse of data in October 2018, despite: (i) Morrisons having done as much as it reasonably could to prevent the misuse; and (ii) the employee’s intention being to cause reputational or financial damage to Morrisons itself: Wm Morrisons Supermarkets Plc v Various Claimants  EWCA Civ 2339.
- here for our previous article on the Court of Appeal’s judgement and here for the Court of Appeal’s full judgement
- here for our summary of the High Court decision.