Cyber Breach, Online Harm, Privacy, and the Difficulties of Inventing New Torts

Following the phone hacking scandal, the English Courts dealt with the unruly British media by awarding large damages for the misuse of private information. This differed from previous cases in which damages for such breaches had been relatively modest. Because the tort is new, there is a great deal of uncertainty about "harm" and the appropriate measure of compensation.

This has a connection to the loss of personal data arising from cyber breaches and how to measure the harm caused to those affected by the breach. Tortious principles, such as vicarious liability for a breach by an employee, were considered by the UK Supreme Court in the case involving WM Morrisons Supermarkets plc. We are currently awaiting a decision about the measure of damages for loss of control of data under section 13 of the Data Protection Act in the UK Supreme Court case Lloyd v. Google LLC.

Law makers around the world are trying to regulate against online harms. They face a central difficulty to strike a balance between freedom of expression, privacy, and the removal of harmful content. However, a further problem is simply to define "harm" and how this might give rise to further evolutions in tort.