Contains public sector information licensed under the Open Justice Licence v1.0.
High Court of Ireland
(Apr 11, 2024)
Copy Cite
[2024] IEHC 203
Case Information
Click here to read the full judgment
Dillon v Irish Life Assurance PLC (Approved)
Smart Summary (Beta)
Factual and Procedural Background
This appeal arises from a decision of the Circuit Court dated 3 May 2022, which dismissed the Plaintiff's proceedings on the grounds that they were frivolous, vexatious, or bound to fail. The Defendant had moved to strike out the proceedings on the basis that the Plaintiff failed to obtain prior authorisation from the Personal Injuries Assessment Board ("PIAB") and/or an order pursuant to section 10(3) of the Civil Liability and Courts Act 2004.
The Plaintiff, owner of a life assurance policy with the Defendant, alleged that the Defendant unlawfully and incorrectly sent six letters containing the Plaintiff’s personal data to an unauthorised third party on various dates between 2008 and 2020. The Plaintiff claimed these acts constituted data breaches caused by negligence and breach of statutory duty by the Defendant.
The Plaintiff sought damages for distress, upset, anxiety, inconvenience, loss, and damage resulting from these breaches, relying on the Data Protection Acts 1988 and 2003, the GDPR, and the Data Protection Act 2018. The Plaintiff narrowed the claim to breaches occurring after 25 May 2018, the effective date of the GDPR.
The Defendant raised preliminary objections, including the absence of prior PIAB authorisation, and sought to strike out the proceedings on this ground. The Plaintiff opposed the motion, asserting no need for prior authorisation.
Legal Issues Presented
- Whether the Plaintiff’s claims for damages arising from alleged breaches of data protection rights constitute a "civil action" under the Personal Injuries Assessment Board Act 2003, thereby requiring prior authorisation from PIAB.
- Whether damages claimed for distress, upset, anxiety, inconvenience, loss, and damage fall within the statutory definition of "personal injuries" for the purposes of the Act of 2003.
- The interaction and compatibility of claims under the GDPR and the Data Protection Act 2018 with the procedural requirements of the Act of 2003, including the requirement for PIAB authorisation.
- The legal effect of seeking both a declaration and damages in the context of the Act of 2003’s scope.
Arguments of the Parties
Appellant's Arguments
- The Plaintiff contended that the claims relate primarily to non-material damage under the GDPR and the Data Protection Act 2018, and thus do not constitute a claim for personal injuries requiring PIAB authorisation.
- The Plaintiff argued that distress, upset, and anxiety as pleaded are ordinary emotional reactions and do not amount to an impairment of mental condition as defined by the legislation.
- The Plaintiff asserted that damages for distress and upset are not recoverable absent a recognised psychiatric illness, and therefore the claim is not a personal injuries claim.
- The Plaintiff highlighted that current PIAB practices requiring medical reports reinforce that the claim does not fall within the definition of personal injuries.
- The Plaintiff argued that the procedural requirement for PIAB authorisation would undermine the effectiveness and coherence of data protection rights under EU law.
Respondent's Arguments
- The Defendant maintained that the Plaintiff’s claim constituted a civil action under the Act of 2003 because it sought damages for a wrong that includes personal injuries, specifically impairment of mental condition.
- The Defendant relied on the statutory definitions in the Act of 1961 and the Act of 2003, as well as Supreme Court authority, to support that claims for distress, upset, and anxiety fall within the personal injuries definition.
- The Defendant argued that claims under the GDPR and the Data Protection Act 2018 are tort-based and thus fall within the Act of 2003’s scope requiring PIAB authorisation.
- The Defendant pointed out that the Oireachtas did not exclude GDPR claims from the Act of 2003’s application, despite excluding other categories of claims.
- The Defendant contended that the procedural requirement for PIAB authorisation is compatible with EU law principles, including equivalence and effectiveness, as confirmed by the CJEU.
Table of Precedents Cited
| Precedent | Rule or Principle Cited For | Application by the Court |
|---|---|---|
| Clarke v. O'Gorman [2014] 3 IR 340 | Definition and scope of "civil action" and "personal injuries" under the Act of 2003; distinction between cause of action and damages claimed. | Used to clarify that claims seeking damages for impairment of mental condition qualify as personal injuries requiring PIAB authorisation. |
| Sun Fat Chan v. Osseous Ltd [1992] 1 IR 425 | Principle that jurisdiction to strike out proceedings should be exercised with care and only in clear cases. | Guided the court’s cautious approach to striking out the Plaintiff’s proceedings. |
| Keane v. Central Statistics Office [2024] IEHC 20 | Application of Act of 2003 to data protection claims involving personal injuries; requirement for PIAB authorisation. | Distinguished from current case but affirmed that claims for anxiety and distress related to data breaches are personal injuries claims. |
| Campbell v. O'Donnell & Ors [2009] 1 IR 133 | Seeking a declaration in respect of a wrong is part of the same civil action as a claim for damages. | Supported the court’s view that the Plaintiff’s claim for declaration and damages cannot be separated for PIAB authorisation purposes. |
| Murray v. Budds & Anor [2017] 2 IR 178 | Damages for worry and stress without recognised psychiatric illness are not recoverable but still amount to personal injuries for limitation purposes. | Confirmed that claims for distress and anxiety fall within the definition of personal injuries under the legislation. |
| Walter & Anor v. Crossan Homes Ltd & Ors [2014] 1 IR 76 | Damages for distress and inconvenience recoverable in contract but not in negligence. | Referenced to distinguish recoverability of damages in negligence claims but not to exclude personal injuries characterization. |
| Addis v. Gramophone Company Ltd [1909] AC 488 | General rule that damages for mental distress are not recoverable in breach of contract claims. | Reaffirmed the law relevant to damages for mental distress in contract claims, providing context for damages recoverability. |
| UI v. Österreichische Post AG (CJEU Case C-300/21) | Non-material damage claims under GDPR do not require a threshold of seriousness; national procedural rules apply if effective and equivalent. | Supported the compatibility of PIAB authorisation requirement with EU law for GDPR claims. |
Court's Reasoning and Analysis
The Court began by affirming the principle that striking out proceedings requires clear justification, referencing established authority. The Court then examined whether the Plaintiff’s claims fall within the Act of 2003’s definition of a "civil action," which entails a claim for damages for personal injuries arising from a wrong.
Applying the statutory definitions from the Act of 1961 and the Act of 2003, the Court found that "personal injuries" include any impairment of a person’s physical or mental condition, without restriction to injuries that necessarily give rise to recoverable damages. The Court distinguished between the legal definition of personal injuries and the recoverability of damages for such injuries.
The Court considered the Plaintiff’s pleaded claims of distress, upset, and anxiety and found them to fall within the statutory definition of impairment of mental condition. While the Plaintiff argued these were mere emotional reactions not amounting to personal injuries, the Court noted Supreme Court authority treating similar claims (e.g., worry and stress) as personal injuries for limitation and procedural purposes.
The Court rejected the Plaintiff’s argument that claims under the GDPR for non-material damages are exempt from the Act of 2003’s procedural requirements. It held that claims under the Data Protection Act 2018 are tort-based and thus constitute "wrongs" within the meaning of the legislation. The Court found no conflict with EU law principles, referencing the CJEU’s decision in UI v. Österreichische Post AG, which permits national procedural rules so long as they respect equivalence and effectiveness.
The Court further held that seeking a declaration alongside damages does not alter the character of the civil action for PIAB authorisation purposes. The Court acknowledged that the Plaintiff’s phrasing may be boilerplate but concluded that the pleaded claims have legal significance and are not so vague as to warrant dismissal on that basis.
Ultimately, the Court concluded that the Plaintiff’s claims are civil actions within the meaning of the Act of 2003, requiring prior PIAB authorisation, which the Plaintiff had not obtained.
Holding and Implications
The Court held that the Plaintiff’s proceedings constitute a civil action under the Personal Injuries Assessment Board Act 2003 and therefore required prior authorisation from PIAB, which was not obtained. Consequently, the Plaintiff’s claim was properly subject to being struck out on that procedural ground.
The direct effect is that the Plaintiff’s proceedings cannot continue without compliance with the statutory procedural prerequisites. No new precedent was established beyond the application and affirmation of existing legal principles. The Court scheduled a final hearing to determine the formulation of final orders, including costs.
Click here to read the full judgment
This is a paid feature.
Please subscribe to download the judgment.
Please subscribe to download the judgment.
Size
= Directly proportional to the number of citations
Color = Jurisdiction
U.S. Supreme Court
State Supreme Court
Court of Appeals
District Courts
Line Incoming
= Cited by Outgoing =
Cites
Use AI to get other relevant cases.
Comments