It is panto season, and everyone loves a good villain. This Christmas’ Wicked Stepmother is the Mirror Group who, when asking ‘Mirror, Mirror on the wall, who is the most liable of them all?’ has received the answer from the Court of Appeal that they are and must pay the consequences.

The Court of Appeal’s decision in Mirror Group Newspapers v Gulati & others [2015] EWCA Civ 1291 is a ringing endorsement of the lengthy (over 700 paragraphs) and detailed approach of Mann J at first instance, which Robin Hopkins has previously discussed (here). Given that endorsement, the judgment of Arden LJ can perhaps be taken more quickly than might otherwise be the case.

This is not, however, a wide-ranging discussion of general principle: Arden LJ notes that she was specifically not asked to engage in such an exercise at [3]. Instead, the Court was asked to consider the four grounds of appeal MGN raised, seeking to attack awards of compensation which ranged from £85,000 and £260,250 for phone hacking, blagging and the publication of various articles based upon that material. These were acts encompassed by the tort of misuse of private information.

The first ground is perhaps the one of widest interest. It sought to attack the conclusion of Mann J that he was entitled to award damages for the intrusion into privacy itself, regardless of any particular distress (which was then additionally compensated). In short, was misuse of private information per se entitled to anything more than nominal damages? Arden LJ agreed with Mann J that it was. The reason for this, at [45], was because “by misusing their private information, MGN deprived the respondents of their right to control the use of private information”. Privacy is a fundamental right, and that loss of control is a form of damage. They are not the same as vindicatory damages for breach of constitutional rights, because they remedy the loss or diminution of control over private information as well as for distress suffered: at [47]-[48]. A comparison with Vidal-Hall v Google was rejected because the only damage claimed there was distress.

That does not, of course, resolve the now live issue of whether a breach of the DPA which causes no pecuniary loss or distress should nonetheless result in a damages award which reflects the loss of control the personal data and the breach of the important privacy-based right. It seems unlikely to be long before Gulati is sought to be applied under the DPA.

The second ground was an argument that Mann J had not had sufficient regard to personal injury awards guidance when he adopted an atomised approach taking account of the number of breaches in issue. Arden LJ rejected that criticism. The judge was entitled to look at breaches separately as a matter of discretion, and he was not plainly wrong in his approach (and had had regard to personal injury guidelines). The facts of the cases justified the awards and the approach adopted by Mann J at [229] should be adopted as guidance for future cases: at [74]. The Court declined to fix any sort of tariff: at [77].

The third ground was an attack on quantum by reference to the levels of damages awarded under Article 8 ECHR. This produced a slightly surprising outcome, under which Arden LJ held that the tort of misuse of private information was a matter of domestic English law, and was not a claim for breach of Article 8, and so need not be governed by Strasbourg jurisprudence. Given the existence of the tort is entirely as a result of the need to comply with Article 8, this might be thought an ahistorical approach. It certainly suggests an unexpected result of the conclusion in Vial-Hall that misuse of private information is its own tort and not indelibly linked to breach of confidence.

Finally, the Court of Appeal had no truck whatsoever with the argument that the judge had double-counted in his awards, not least because MGN were unable to point to any particular award which fell foul of this test. Arden LJ rejected the argument that the judge was bound to step back and consider the awards as excessive in the round (at [105]) and concluded the judgment with a damning indictment of MGN. At [106] she noted that:

“Indeed, so far as I can see, there were no mitigating circumstances at all. The employees of MGN instead repeatedly engaged in disgraceful actions and ransacked the respondents’ voicemail to produce in many cases demeaning articles about wholly innocent members of the public in order to create stories for MGN’s newspapers. They appear to have been totally uncaring about the real distress and damage to relationships caused by their callous actions. There are numerous examples in the articles of the disclosure of private medical information, attendance at rehabilitation clinics, domestic violence, emotional calls to partners, details of plans for meeting friends and partners, finances and details of confidential employment negotiations, which the judge found could not have been made if the information had not been obtained by hacking or some other wrongful means. The disclosures were strikingly distressing to the respondents involved.”

Boo, hiss indeed.

Appeal Update: MGN was refused permission to appeal by the Court of Appeal but has said publicly that it intends to seek permission from the Supreme Court.

Christopher Knight