The European Court of Justice has issued an important judgment this morning confirming that consumer bodies can bring opt-out class action claims for breaches of data protection, including where the infringement also relates to consumer protection and unfair commercial practices laws.

With a few high-profile exceptions, consumer group-led class actions for breaches of European privacy rules haven’t taken off in the way that businesses might have expected or feared.  Today’s judgment doesn’t fundamentally change the ability of consumer associations to bring those claims, so it’s going to be interesting to see whether they are emboldened now to ramp up their activities in this area.

One aspect of the judgment that consumer groups might look to capitalise on is the confirmation that they can bring claims relating to unfair commercial practices and consumer protection laws if the allegedly infringing practices also involve data protection.  Combined with the low threshold for bringing claims, that’s going to create additional challenges for businesses, who are now on notice that they need to view their practices through the dual lenses of privacy and consumer protection, if they don’t already.

But if you’re being cynical the real winners here are the overstretched and underfunded regulators some of whom may secretly be hoping that increased consumer group litigation will help to lift the burden on their shoulders and deflect criticisms about their own lack of enforcement.