So much has changed in British politics since the EU referendum. We’ve ploughed through five Prime Ministers, weathered a pandemic, and been forced to adapt to an increasingly fractious world.
Yet, in all this time, we have hardly begun to unpick the sprawling morass of EU regulations. For the most part, those farcical rules on the curvature of a banana prevail.
It is not inevitable that the UK must remain saddled with redundant EU laws. An ambitious, determined government could set out a workable plan to shed unnecessary European red tape — and finally get Britain growing.
And, of the crippling legacies of our dalliance with the EU, few are more damaging than the decision to bake the GDPR into domestic law.
For the uninitiated, GDPR (or General Data Protection Regulation) is the reason you are constantly bombarded with “accept cookies” pop-ups. It was designed, with a quintessentially German scepticism of corporate power, to give you control over your digital footprint, ensuring companies cannot hoard your data without permission.
But, while intended as a necessary check on privacy, it has instead fueled a burgeoning industry of litigation-funded class actions, costing businesses billions and making the UK a less attractive place to do business. The growth of group litigation in the UK and Europe has been exponential, with claimant law firms and litigation funders pursuing novel claims that previously would not have been economically feasible.
There’s no doubt that you’ve seen the adverts: “Did you shop at the Co-op?”, “Were you a Southern Water customer?”, “Did you have an M&S Sparks card?”, “Claim your compensation now.” These are the fruits of a newly empowered litigation industry — the product of beefed-up GDPR rules.
Companies absolutely should prioritise consumer privacy. But these rules must be measurable and achievable. Right now, these class action lawsuits are often driven by lawyers in search of claimants, exploiting minor mishaps to secure a payout rather than addressing a genuine grievance.
According to the CMS European Class Action Report 2025, the total cumulative value of class actions in the UK has reached an eye-watering €155 billion. Perhaps most absurdly, competition class actions now involve more than 655 million class members — shocking for a country of 67 million people. Statistically, you are likely enrolled in ten of them right now.
While GDPR enables lawyers to get rich by exploiting the nooks and crannies of confusing regulation, they punish the productive sectors of the economy — the people who actually build things. GDPR has made firms significantly less data-intensive, increasing costs and deterring investment. In fact, economists are increasingly attributing GDPR to Europe’s failure to adapt to the digital age.
The continent has experienced a lost generation of apps, with a 50 per cent reduction in new market entries and a 25 per cent drop in venture deals compared to the US. While Europe’s broader climate of overtaxation and regulation will no doubt have played its part, the huge costs of GDPR should not be underestimated.
What is so frustrating is that, in Britain, this was almost corrected. The Data Protection and Digital Information Bill, introduced by the previous government, promised genuine reform, stripping back the excess red tape to strike a sensible balance between privacy and productivity. But it ran out of time after the snap election. The new Data (Use and Access) Bill is far more modest, leaving the structural flaws of the regime intact (perhaps unsurprising, given the “lawyerly” impulse of the current administration).
Today, companies continue to navigate a legal minefield where a technical infraction triggers a massive lawsuit. And, the consumer hardly wins either. They’re promised a payout that, after the lawyers take their cut, amounts to pennies. (I mean, have you seen any money from the 10 class action lawsuits you’re involved in right now?) Yet, they suffer the second-hand result of these costly litigations as companies pass on costs to consumers through higher prices.
It would stop lawyers clogging up the economy with litigation
But this new genre of data breach class action lawsuits isn’t just meretricious but quietly insidious. As seen in the US data privacy litigation landscape, these actions are becoming one of the fastest-growing types of litigation, with individuals advancing new legal theories to secure out-of-court settlements. Many of these “no win no fee” campaigns have hidden exit fees attached to them. So, say you unwittingly sign up to one of these campaigns but get cold feet and want to leave. “No win, no fee” should mean “no cost to exit”, right? Well, you’d be wrong! Lawyers, now without your backing that justifies their litigative escapade, have the right to slap you with a withdrawal fee. Folks signing up to these seemingly costless campaigns can find themselves owing hundreds of pounds to lawyers who promised them a “no fee” campaign. It’s a poor practice in the underbelly of the legal industry that needs to go.
The UK left the European Union to set our own rules. It is high time we actually did so. Reforming GDPR costs the Treasury nothing and need not endanger our privacy. A sensible plan on GDPR, such as the one laid out by the previous administration, could secure growth and help make the UK the world’s premier destination for tech investment. Moreover, it would stop lawyers clogging up the economy with litigation, and protect unsuspecting citizens from spurious exit fees. It’s a cost-free Brexit win. It just needs to actually happen.
