Privacy class/group actions are becoming increasingly popular as the number of cases related to data breaches and improper data processing has significantly risen. These misconducts present an interesting investment opportunity for litigation funders, aided by the possibilities offered by the GDPR to address such abuses. The scale of the misconduct also plays a crucial role, as demonstrated by the record-breaking €1.2 billion fine imposed by the Irish Data Protection Commission (Facebook's Meta), the largest GDPR fine to date.

Despite the growing popularity of privacy class/group actions, these types of cases also bring forth new challenges. When using out-of-the-box solutions, one quickly encounters US subprocessors that may not always be GDPR-compliant. Additionally, a campaign on an advertising platform can easily fall outside the GDPR guidelines if set up without expertise.

To address these challenges, many parties opt for bookbuilding involving as little data as possible. In this article, we will discuss the challenges involved and present a solution in practice to efficiently build a book in a privacy-related class/group action.

If you enjoyed this article, consider sharing it with others.

Explore related solutions: Bookbuilding - Web Development - Data Processing

Challenge

Efficiently building a substantial book in a privacy-related class/group action without external data processing.

Solution

The implementation of Daccs Privacy Bookbuilding, Web Development, and Data Processing solutions.

Outcome

A book comprising over 130,000 claimants.

Background

In a class/group action against the government concerning a major data breach involving medical data related to Covid vaccinations and tests, a substantial book had to be constructed. The bookbuilding process needed to be carried out without external data processing to maintain a strong position against the defendant. On the other hand, the case could only be fully funded if a sufficient number of claimants participated.

Challenge

In our increasingly digital world, bookbuilding through social media is essential for an efficient bookbuilding strategy. These platforms provide the ability to finely optimize campaigns and gain clear insights into results and effectiveness. However, many major social media platforms may conflict with GDPR guidelines, as evidenced by the fine imposed on Meta. Without the proper knowledge, bookbuilding can contribute to the transfer of data outside the European Union. This makes the use of these platforms for bookbuilding in privacy class/group actions a potential risk, as the plaintiff specifically addresses the defendant based on the GDPR.

Assessing damages in privacy cases is often challenging, and there is limited legal precedent surrounding such matters. Therefore, for funders, it is often important to build a substantial book to cover potential lower compensation amounts. The importance of building a substantial book while mitigating GDPR risks in our current digital world underscores the relevance of a proper approach. This approach should efficiently result in a substantial book without GDPR risks.

Solution

To develop and execute the strategy for building a book in a privacy-friendly manner for the data breach case, Stichting ICAM partnered with Daccs. Daccs applied its Privacy Bookbuilding, Web Development, and Data Processing solutions. While our standard solutions are fully GDPR compliant, we have developed methodologies within our privacy bookbuilding that allow us to optimize campaigns based on non-personal data. This enabled us to gain clear insights into the performance of creatives, ad copy, and target audiences, forming the basis for further campaign optimization. Our solution efficiently delivered results comparable to campaigns with tracking applications.

Result

Through the use of Daccs Privacy Bookbuilding, Web Development, and Data Processing solutions, along with the expertise of our media buyers and marketing team, we were able to build a claimant book comprising over 130,000 claimants within a few months in a privacy friendly manner.