By Max Malkovich. Last Updated 5th July 2022. Every day we are offered better internet packages by suppliers claiming they can save us money. It can be very tempting to switch around to get the best deal. Each time we do this, we need to hand over personal information to the supplier. We consent to the sharing of this data as we understand that it enables those companies to provide better services. But what happens if our personal data gets used for reasons it shouldn’t? In this article, we examine data protection breach claims against EE and the rights you have when a broadband and mobile network supplier fail in their legal duty to keep your data safe.
Any company that has suffered a cyberattack that results in a data breach has a responsibility to tell you without delay. Perhaps you were contacted by EE to inform you that your data was implicated in either a hack or exposed due to staff error or misconduct? Or possibly even the company themselves had participated in activities with your personal information that was not lawful and they were reprimanded? If you have evidence of what happened, we can help.
At Legal Helpline we can connect you to our panel of data breach lawyers who could take up your claim and obtain compensation for the impact of a data breach. Was money stolen from you as a result of this data error? Did cybercriminals use your information to set up credit in your name leaving you with the consequences?
Get your case started right now by:
- Calling us on 0161 696 9685
- Writing or emailing us at Legal Helpline
- Using the ‘live support’ option, bottom right to access instant help.
Select A Section
- A Guide On Data Protection Breach Claims Against EE
- What Is A Data Protection Breach Claim Against EE?
- What Is A Third Party Under The GDPR?
- Details Of The EE Data Breach
- Calculating Compensation For A Data Breach
- Material And Non-Material Damages Awarded For Data Breaches
- How To Report Your Data Breach To The Information Commissioner’s Office
- Make A Data Protection Breach Claim Against EE With A No Win No Fee Solicitor
- How To Get Help From A Data Breach Protection Lawyer
- How To Begin Your Data Breach Compensation Claim
- Talk To A Solicitor
- Frequently Asked Questions People Ask About Data Breaches
- Where To Learn More
Your personal data is more than just a name or address. It can be every meaningful detail about you to cybercriminals who are adept at exploiting this information for fraudulent gain. Whether it’s on or offline, exposed data could result in everything from sudden unwanted emails and text messages right the way up to complete identity theft.
The General Data Protection Regulation (GDPR) became UK law in 2018 thanks to the enactment of the Data Protection Act 2018, and now lays out detailed responsibilities for all companies, organisations and individuals when it comes to handling the personal information of others. These laws are enforced by the Information Commissioner’s Office (ICO) which is an independent regulator with far-reaching powers. The ICO can launch investigations, track improvements and issue severe penalties to anyone who tries to flout or disregard GDPR. We explain in detail what this means below.
As the victim of a data breach, you can suffer acute levels of anguish and financial chaos. We examine how breaches might happen. Together with a landmark case called Vidal-Hall v Google, which altered the position of the law on seeking damages for data breaches, it’s now possible for No Win No Fee data breach solicitors to seek damages for mental distress on behalf of claimants. Our compensation table below shows what could be possible with the right evidence and medical proof.
In short, you do not have to be a victim of a data breach that cost you money or peace of mind. Speak to our team today and we can advise you of your rights in relation to data protection claims against EE or any other mobile network operator who failed in their duty.
GDPR law defines a data breach as the accidental or deliberate:
- Unauthorised sharing
of any personal data that might expose the data subject to damage. That damage can take the form of financial or emotional harm. The ICO has tried to simplify techniques for safeguarding against data breaches for companies by creating seven core principles of good conduct:
- Data collection should be legal, fair and its use should be obvious
- The reasons for collecting the data should be clearly stated
- Only the precisely required data should be collected
- It should be accurate and updated regularly
- There should be limits on how long the data is kept and procedures for its destruction
- Confidentiality should be an integral part of everyone involved in its handling
- Accountability – prompt admission to a problem followed by practical steps to resolve the breach.
In addition, paper or digital data breaches must be made known to the ICO within a 72-hour time frame. This is a legal requirement. They should also notify affected individuals without undue delay.
How might EE breach my data?
In busy modern workplaces, the sharing and transmission of information happens faster than ever. It’s an essential part of doing business and we consent to it every time we interact online or engage the services of a company.
Unavoidably, this can lead to human error where data might be placed at risk. Some examples of this could be:
- Staff openly discussing your details
- Computer screens with sensitive information left in plain view
- The incorrect disposal of sensitive waste
- Data or correspondence being sent to the wrong recipient
- Unredacted documents shared
- Filing cabinets left open and exposed
- Loss or theft of laptops, USB sticks or smartphones
With this in mind, it’s easy to see how absent-minded staff can cause serious risk. Furthermore, if a company is determined to push the limits of GDPR, they could quite easily use your data for purposes other than the pre-agreed ones and expose you to online exploitation as a result.
Unwanted text messages and mobile phone alerts are irritating but not life-threatening. Real harm from a data breach can result if your information gets into the wrong hands. Online criminals trade in exactly these sort of details as a way to defraud banks and assume identities.
There is simply no way to predict the extent of the damage you might suffer if your data is exploited.
Speak to our team if you have already experienced either financial or emotional repercussions from a data breach that was not your fault.
Data sharing is not a bad thing. It helps companies function better and can improve the services on offer to the customer. It can even strengthen data security as each party involved is another obstacle to potential outside hacking. Let’s look at the three main people involved in data use:
- Controllers – are those who are in original possession of our information. This can be consensual on our part or it can be information legally required. Generally, we are giving either overt to tacit approval at this stage for the data to be used.
- Processors – are the agencies who are given the job of circulating, storing, transporting and using the data on behalf of the controllers. Processors can be people and companies either inside or outside of the company, but they are just as responsible for proper data management as controllers.
- Third parties are the end-users of the data. This can be any company the controller considers could help them provide better services or expand profits. Third-party users are bound by GDPR laws but it can be much harder to control what happens to data by the time it gets here. The labyrinthine nature of the internet means it can be very difficult to control who is doing what with our data and cookie use is an essential way for the beleaguered consumer to take back some control.
Each person involved throughout all stages of the data sharing process is equally responsible and liable for a data breach if they violate their legal duties.
There are circumstances in which a data controller can share your information without your consent. These instances relate to consent, legal obligations, public tasks, and legitimate interests. Learn more in this ICO guide, ‘does an organisation need my consent?’
The ICO investigated and fined mobile network operator EE £100,000 in 2019 for sending 2.5 million unlawful direct marketing text messages to its customers.
The first message encouraged customers to use a new EE App to access their account. Then a second text was sent to reach customers who had not engaged with the first. EE tried to excuse the texts as ‘service messages’; the ICO was not convinced and found them to contain direct overtures of marketing. More a misinterpretation of GDPR law than a deliberate breach, the company was still fined.
In another EE data protection breach case, a female was harassed in text messages by a former EE employee who used her details inappropriately to stalk her. It transpired that the employee was the victim’s ex-partner, and from her perspective, EE did little to rectify the issue until she made it public via Twitter.
Clearly, GDPR data protection breaches can occur in many ways if the basic principles are flouted.
While both examples here amounted more to human error than hacking, mobile phone network providers are uniquely positioned to be targets of cybercrime.
The phone numbers, emails, data use and website information contained within smartphone memory represents a treasure chest of opportunities for the unscrupulous hacker. EE has a legal duty to safeguard this information.
There are two types of compensation you could receive when you’re claiming for a personal data breach. Material damages are the damages that equate to the financial losses caused by the breach. Non-material damages are for the psychological injuries, such as anxiety, depression and PTSD, that could be caused should a personal data breach occur.
The ruling in the Vidal-Hall and Others v Google  case means that you can now claim for non-material damages caused by a data breach without also needing to claim for material damages. If you have suffered from a personal data breach, under GDPR regulations, your psychological injuries will now be assessed in the same way as they are during personal injury claims.
The Judicial College Guidelines can give you a clearer idea of your potential compensation for non-material damages. This information has been taken from the latest guidelines, published in 2022. However, please remember that these figures are not guaranteed, as there any many factors that can affect your potential compensation figure.
|Psychiatric damage - severe||Extreme and lasting problems chronically affecting many areas of life.||£54,830 to £115,730|
|Psychiatric damage - moderately severe||Significant problems like stress and trouble working or sleeping.||£19,070 to £54,830|
|Psychiatric damage - less severe||The effect on daily activities and sleep will be taken into account.||£1,540 to £5,860|
|PTSD - severe||Inability to function at work or in life as normal.||£59,860 to £100,670|
|PTSD - moderately severe||Recovery possible but disabilities for foreseeable future with prognosis of some recovery with professional help.||£23,150 to £59,860|
|PTSD - moderate||Largely recovered but some lingering and persisting symptoms, even with therapy.||£8,180 to £23,150|
|PTSD - less severe||Minor symptoms but mostly recovered within 2 years.||£3,950 to £8,180|
If you would like to know more about what to do should an EE data breach occur, please contact our team for free using the details above. They can inform you of your claim eligibility and answer any questions you might have about the claims process.
Material damage might include:
- Money was stolen from your account
- Fraudulent credit opened in your name
- Late fees and unauthorised bank charges incurred
- Missed work from illness
- Costs of counselling to deal with sudden and overwhelming stress
Al these awful repercussions carry a price. This is grossly unfair. When you entrust an organisation like EE with your details you expect them to have the robust software in place to provide proper security around your information.
It’s not unreasonable to hope that their staff are properly trained and aware of their data security responsibilities too.
Likewise, you could endure a whole nightmare of health impacts. The gnawing doubts and fears about what might be happening to your name, address, bank details or personal contacts is enough to cause serious distress. You may suddenly find yourself suffering from:
- Loss of sleep
- Anxiety and acute worry
- Sudden phobias or irrational fears
- Depression and panic attacks
- PTSD (Post-traumatic stress disorder)
- Suicidal thoughts
- Damage to personal relationships
- Loss of pleasure in life
Each and every one of these health impacts can be debilitating and serious. Even after the breach has been addressed, you could be left with nagging suspicions that change the way you interact with strangers or companies ever again. This is an enormous price to pay for the irresponsible conduct of a mobile network employee or some faceless criminal on the other side of the world.
Money is not the magic answer but compensation can at least help you to repair the financial damage and equip yourself with the resources to face a brighter future after the data breach that ruined your life.
To learn more about claiming data breach compensation, please get in touch with our team.
The ICO understands the seriousness of a data breach. They offer a wealth of online information on why your data matters to assist people with their search for clarity and protection. They can offer advice on:
- Your right to be informed of how your data is being used
- Your right to get copies of the data held about you
- How you can get your data corrected
- Getting your data properly deleted
- How to request that companies limit your data use
- Improving access to the data held about you
- Your right to object to non-human data decisions made about you
Transparency, fairness and legality are at the heart of what the ICO does, but they cannot get you compensation. In order to seek damages for the data breach, you would need to make a claim against the company yourself.
Step by Step
There is a recommended data breach course of action that guides you step by step through the process:
- Write to EE expressing your concerns about your data. You can use this template
- Wait for a reply no longer than three months. If the response is unsatisfactory, you can ask the ICO to investigate. After this time the ICO may not consider the case as current or serious
- Collect your proof of emotional and financial damage
- Contact Legal Helpline to connect with a data breach solicitor
You do not have to involve the ICO. If the breach is large scale and affects many consumers, they should already know about it. When you do reach out to the ICO, whether they take your case up or not, it can lend credibility to your claim and proves that you considered it serious enough to request their help. They can also apply pressure on EE to reveal more details about what happened.
To learn more about what to do in the wake of a data breach, please get in touch.
Data protection breach claims against EE are possible with the right proof. It’s important to stress that you need actual evidence of either the financial or emotional harm done to start a case. This can be in the form of bills or bank statements or correspondence from the firm, or the results of a psychiatric evaluation by a medical professional, such as your local GP.
Once you have this proof, you could start a case today at no upfront cost by using the services of a No Win No Fee data breach lawyer.
Because of the changes in law around data breach compensation, your No Win No Fee lawyer could work with you in precisely the same way as any other personal injury case. They can compile the evidence and arrive at an accurate approximation of what your claim could be worth.
Using a legal professional in this way has many advantages. There is no fee to pay upfront for a No Win No Fee lawyer. There are no fees to pay as the case progresses. If the case fails, there are no fees to pay at all.
Because the lawyer takes a small, legally capped percentage from the final settlement as their fee in a successful claim, you know that they are concentrating on your case and aiming for the highest possible award on your behalf.
You can represent yourself of course, but with these benefits, it makes sense to connect with a No Win No Fee lawyer. We can help you with that. Just call us on the above number to learn more.
If considering data protection breach claims against EE you might want to find a No Win No Fee lawyer online or in the high street closest to you. There are drawbacks to both options. Firstly, the choice online can be overwhelming. Also, how much experience does the company up the road have with data breach cases?
So it’s essential to get your case right the first time. Data breach cases are usually considered only once. You want to ensure that every cost is factored in so that you are not liable for any nasty shocks from future fraud perpetrated in your name.
At Legal Helpline, we can introduce you to data breach lawyers with the expertise and skill to maximise the potential of your claim.
Our advisors can assist clients all across the UK enabling them to benefit from a much wider resource of professional help. In one brief chat with our team, it’s possible to assess your case and get things started.
To summarise, the information covered in this article can help you recover damages for financial and emotional harm caused by a data breach by a mobile network provider.
If a member of EE staff failed in their duty to handle your data properly or EE themselves were negligent in their cyber defence you could have grounds to explore a potential claim.
- Complaining officially to EE
- Waiting three months to see what they say
- If you are not satisfied, involve the ICO (optional)
- Collect proof of emotional or financial damage
- Contact Legal Helpline to help you connect with a No Win No Fee data breach lawyer
Thank you for reading this guide on EE data protection breach claims. Why not start right now? Our friendly team are ready to help you by:
- Calling us on 0161 696 9685
- Writing or emailing us at Legal Helpline
- Using the ‘live support’ option, bottom right
In this section, we’ve included answers to some questions about data breach claims.
How much compensation can you get for a data breach?
EE breach of data protection cases will be different and compensation amounts variable. As proof of harm will differ, so might the ultimate settlement award. Without a doubt, the best preparation is as much detailed proof of damage you can assemble and your case can be decided on its full merit.
What are my rights if my data has been breached?
The link above to GDPR explains your rights to data protection. If you can demonstrate that a breach caused you harm, you can seek damages and numerous other forms against the company or individual involved. Speak to our team for instant advice on your rights.
What can I do if my data has been breached?
If the breach involves mobile phone data, speak to your provider immediately. If they are aware of the breach, they can assist. Should they be reluctant to help, you can report them to the ICO. Also, in addition to this, you can sue them for damages with the help of a No Win No Fee data breach solicitor.
Thank you for reading our guide on data protection breach claims against EE. We can offer more information on how Legal Helpline can handle GDPR data breach compensation claims. We also specialise in bank data breach claims and NHS data breach cases. Get in touch and chat your concerns over with our team.
Cybersecurity issues are new to everyone. We are all learning how to understand the risks and defend ourselves better against threats. Expressions such as firewalls, malware, ransomware, Rootkit and Spyware are confusing if you do not know what they mean. An excellent place to start is this government website on improving your data security at home and work. You can also get help as the victim of data breach issues here.
Thank you for reading our guide to data protection breach claims against EE