Presentation is loading. Please wait.

Presentation is loading. Please wait.

Actions for damages under the Data Protection Directive and the GDPR

Published byMariah Osborne Modified over 6 years ago

Similar presentations

Presentation on theme: "Actions for damages under the Data Protection Directive and the GDPR"— Presentation transcript:

1 Actions for damages under the Data Protection Directive and the GDPR
Dr Andrea Mulligan LL.B, LLM(Harv.) BL Barrister-at-Law, Assistant Professor, School of Law, Trinity College Dublin.

2 Damages in Data Protection Law
1. Damages Under the Data Protection Directive – Irish Law 2. Damages Under the Data Protection Directive – UK Law 3. Data Protection Rights in EU Law and the Move Toward Robust Protection 4. Damages Under the GDPR – The New Regime 5. GDPR Damages: Practical Concerns

3 Damages under the Data Protection Directive – Irish Law
DPD imposes obligation on Member States to establish procedures through which individuals can be compensated for breaches of Data Protection Law. Article 23(1): Member States shall provide that any person who has suffered damage as a result of an unlawful processing operation or of any act incompatible with the national provisions adopted pursuant to this Directive is entitled to receive compensation from the controller for the damage suffered. Leaves room for discretion on part of Member State. What kind of damage is compensable?

4 Damages under the Data Protection Directive – Irish Law
The Article 23 obligation implemented in Irish law by Section 7 of the Data Protection Acts : For the purposes of the law of torts and to the extent that that law does not so provide, a person, being a data controller or a data processor, shall, so far as regards the collection by him of personal data or information intended for inclusion in such data or his dealing with such data, owe a duty of care to the data subject concerned…. Note – phrase “duty of care” implies a negligence type action. No reference to type of damage envisaged. Law unclear until case of Collins v FBD insurance.

5 Collins v FBD Insurance [2013] IEHC 137
Facts: Painter-decorator claims for stolen van. FBD investigate and discover conviction for theft of (different) van. Data protection breaches identified by Data Protection Commissioner: failure to comply with subject access request, engagement of private investigator, failure to provide adequate technical and security measures. Plaintiff initiates proceedings in Circuit Court, obtains award of €15,000. FBD appeals to High Court on issue of whether Plaintiff entitled to damages in absence of proof of actual damage. Feeney J: “Compensation is intended to place an individual in the position which that individual would have been apart from the wrong done. In general an entitlement to damages for distress, damage to reputation or upset are not recoverable save where extreme distress results in actual damage, such as recognisable psychiatric injury” Result: action for damages operates like ordinary negligence action.

6 Damages under the Data Protection Directive – UK Law
Vidal-Hall v Google Inc [2016] QB 1003 Case concerning operation of cookies by Google. Action for misuse of private information. No claim for pecuniary loss, only damages in respect of anxiety and distress. UK implementation different to Irish implementation of DPD. Section 13(2) of the UK Data Protection Act 1988:  An individual who suffers distress by reason of any contravention by a data controller of any of the requirements of this Act is entitled to compensation from the data controller for that distress if— (a)the individual also suffers damage by reason of the contravention, or (b)the contravention relates to the processing of personal data for the special purposes. On literal interpretation - no damages available for distress.

7 Damages under the Data Protection Directive – UK Law
Court of Appeal examines the Directive and concludes that proper interpretation requires compensation for non-material damage. Considers Articles 7 and 8 of the Charter of Fundamental Rights of the European Union – protecting the right to privacy and the right to data protection. Breach of fundamental rights requires right to compensation even where no economic harm. Court of Appeal disapplies limitations on definition of damage under Section 13(2).

8 Data Protection Rights in EU Law and the Move toward Robust Protection
Vidal-Hall illustrates new approach to Data Protection Law damages, providing very high level of protection for fundamental rights. Court of Appeal considered FBD v Collins and refused to apply it. Note different methods of interpretation and resulting limitation on Feeney J. Appropriate emphasis on fundamental rights, reflecting cases such as Google Spain, Digital Rights Ireland, and Schrems. Reference to Article 47 and right to a remedy. Collins v FBD likely to be overruled.

9 Damages under the GDPR Article 82(1):
Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered. Note obligations on data processors: Any controller involved in processing shall be liable for the damage caused by processing which infringes this Regulation. A processor shall be liable for the damage caused by processing only where it has not complied with obligations of this Regulation specifically directed to processors or where it has acted outside or contrary to lawful instructions of the controller.

10 Damages under the GDPR General Scheme of a Data Protection Bill, published May 2017. Head 91(1) provides:   Where a data subject considers that his or her rights under the Regulation or this Act have been infringed as a result of processing of his or her personal data, such infringement shall be actionable at the suit of the data subject ("data protection action"). Note abandonment of language of “duty of care”. All breaches of GDPR now actionable. Change in regulatory model – towards private enforcement.

11 GDPR Damages: Practical Concerns
Volume of claims. Role of the Data Protection Commissioner Determination of DPC generally regarded as valuable/essential to building of case. Risk of DPC being swamped with minor cases – complaints of “digital ambulance chasing”. Quantum – the million dollar question. Kennedy v Ireland, et al may be useful. Purpose of damages in Data Protection Law – to compensate damage even where damage is mere anxiety and distress.

12 Questions or comments welcome. Dr Andrea Mulligan BL
The Law Library, Four Courts, Inns Quay, Dublin 7. DX

Download ppt "Actions for damages under the Data Protection Directive and the GDPR"

Similar presentations

1 Enforcement Powers of National Data Protection Authorities and Experience gained of the Data Protection Directive Safe Harbour Conference Washington.

1 Enforcement Powers of National Data Protection Authorities and Experience gained of the Data Protection Directive Safe Harbour Conference Washington.
Peter Adams Health and Safety - Responsibilities and the Universitys Approach.

Peter Adams Health and Safety - Responsibilities and the Universitys Approach.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
Mg.iur. Jānis Kubilis PhD Student (University of Latvia) Attorney at Magnusson Law Firm 19 May 2014.

Mg.iur. Jānis Kubilis PhD Student (University of Latvia) Attorney at Magnusson Law Firm 19 May 2014.
Payment Systems Risk of Loss in the Checking System: Special Rules.

Payment Systems Risk of Loss in the Checking System: Special Rules.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Liability and Procedure in European Antitrust Law The EU Damages Directive Does the European Union overstep the mark again?

Liability and Procedure in European Antitrust Law The EU Damages Directive Does the European Union overstep the mark again?
CIVIL & CRIMINAL LIABILITY Staff Development Emergency Operations Volunteer Training Legal Issues:

CIVIL & CRIMINAL LIABILITY Staff Development Emergency Operations Volunteer Training Legal Issues:
EU: Bilateral Agreements of Member States. Formerly concluded international agreements of Member States with third countries Article 351 TFEU The rights.

EU: Bilateral Agreements of Member States. Formerly concluded international agreements of Member States with third countries Article 351 TFEU The rights.
University of Sunderland Professionalism and Personal Skills Unit 11 Professionalism and Personal Skills Computer Legislation.

University of Sunderland Professionalism and Personal Skills Unit 11 Professionalism and Personal Skills Computer Legislation.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview

Data Protection Overview
4Chapter SECTION OPENER / CLOSER: INSERT BOOK COVER ART Intentional Torts Section 4.1.

4Chapter SECTION OPENER / CLOSER: INSERT BOOK COVER ART Intentional Torts Section 4.1.
The Information Commissioner’s Office David Evans.

The Information Commissioner’s Office David Evans.
B u d a p e s t i Ü g y v é d i K a m a r a A l a p í t v a: 1 8 7 5 Solatium doloris from the point of view of lawyer’s liability insurance in Hungary.

B u d a p e s t i Ü g y v é d i K a m a r a A l a p í t v a: Solatium doloris from the point of view of lawyer’s liability insurance in Hungary.
Customer Service Enforcement After AB 2987 John Risk Communications Support Group, Inc. (c) 2006 John Risk Communications Support Group, Inc. (c) 2006.

Customer Service Enforcement After AB 2987 John Risk Communications Support Group, Inc. (c) 2006 John Risk Communications Support Group, Inc. (c) 2006.
Chapter 5 Torts and Civil Law.

Chapter 5 Torts and Civil Law.
Unit 6 – Civil Law.

Unit 6 – Civil Law.
American Public School Law Torts n Definition of a tort – Intentional interference – Strict Liability – Negligence – Elements of Negligence – Defenses.

American Public School Law Torts n Definition of a tort – Intentional interference – Strict Liability – Negligence – Elements of Negligence – Defenses.
PROTECTION OF PERSONAL DATA. OECD GUIDELINES: BASIC PRINCIPLES OF NATIONAL APPLICATION Collection Limitation Principle There should be limits to the collection.

PROTECTION OF PERSONAL DATA. OECD GUIDELINES: BASIC PRINCIPLES OF NATIONAL APPLICATION Collection Limitation Principle There should be limits to the collection.

Similar presentations

Ads by Google