How can arbitration help you if your data has been illegally stolen?

Kemi Ojutiku says that arbitration can offer a cheap and effective "remedy", more effective than going to court to protect your rights.

None of us has been able to escape the recent news and publicity surrounding the ‘Data grab’, as it has been dubbed, whereby personal data from reportedly millions of Facebook users was harvested by Cambridge Analytica, a British political consulting company, without their knowledge or consent and used to allegedly help political campaigns.

To some analysts this is the tip of the iceberg and, as we all know, the largest part of an iceberg is the part that is submerged. If this is true then there are more revelations to come.

The fact remains that personal data is given out by all of us, most of the time unwittingly, on a daily basis. Some examples of this are bracelets or apps that monitor our daily exercise habits or even sleep patterns, maps that plot our routes, concerts, conferences and seminars that we sign up to and even loyalty apps/cards for our coffee purchases and other shopping.  

This data, we now know, may be used for reasons that we have not consented to in a number of areas. Some harmless, others not so but the point is that this is our data and it should be responsibly handled.


How is data regulated?

In the United Kingdom the main legislation under which data protection is regulated is the Data Protection Act 1998. From 25th May 2018 the General Data Protection Regulation, which was ratified by the European Union in April 2016, will be implemented into law and organisations will be expected to be fully compliant on this date.

This is a uniform piece of legislation for all EU states. It remains to be seen whether this will remain following BREXIT; however, data protection will continue to be regulated in some shape or form.  There is similar legislation in the United States.

Possible remedies for anyone who has had their data procured and used for a purpose without their consent range from a legal action for damages for a breach of contract, a breach of privacy to a breach of statutory duty etc. Pursuing such an action through the courts is likely to cost a significant amount of time and money with cases often lasting many months, if not years.  

A faster and effective way by which this can be pursued is by way of Arbitration.


What is Arbitration?

This is a non-judicial process for the settlement of disputes where an independent arbitrator makes a binding decision in respect of a dispute. Although just as binding, the process is less formal than the court procedure with the arbitrator’s role being similar to that of a judge.

The procedure is much faster and cheaper than formal legal proceedings and the outcome remains confidential.

How does this apply to a data protection breach? In order for a matter to proceed to arbitration the parties are required to agree to arbitrate the dispute or there must be an arbitration clause in the contract that exists between the parties.

The aggrieved party will need to identify that data of which they are the subject has been used for a purpose that they did not consent to. This is ascertainable by a simple enquiry from the relevant organisation. It was reported that Mark Zuckerberg will apologise to those affected although it is unclear what form and when, if at all, this will take place and whether there will be an acknowledgement to individuals.

Arbitrations are often conducted on the papers without the need for an oral hearing(s). This enables the dispute to be resolved upon the submission of all of the relevant papers requested by the arbitrator who will, in turn, send out the decision, or Award, as it is called, in writing.

Personal data is akin to personal property and should be protected and looked after in the same way as precious possessions are guarded.

Kemi Ojutiku - Direct Access Arbitration Barrister