back to article Major decision on GDPR compensation rights expected soon

Could EU residents receive compensation for "non-material" harm caused by illegal data use under the General Data Protection Regulation (GDPR)? We'll find out tomorrow, when the European Court of Justice (ECJ) is set to make a ruling in a case being nervously watched by many a data-hungry company doing business across the …

  1. Neil Barnes Silver badge

    The easy way to avoid being sued for data breaches

    is not to collect the bloody stuff in the first place.

    1. Anonymous Coward
      Anonymous Coward

      Re: The easy way to avoid being sued for data breaches

      I'd love to understand who actually benefits from GDPR. Other than law firms.

      That horse bolted a decade ago.

      1. Graham Cobb Silver badge

        Re: The easy way to avoid being sued for data breaches

        Well, if this case goes the way of the plaintiff then everyone who's data has been unlawfully processed will benefit.

        Let me know next time I can help you understand something.

        1. Alien Doctor 1.1

          Re: The easy way to avoid being sued for data breaches

          What was probably meant is that only the lawyers will get a decent income from this, the clients may get a quid or two each; that is the value of our privacy.

          1. Anonymous Coward
            Anonymous Coward

            Re: The easy way to avoid being sued for data breaches

            And the companies that abusively collect and use data would get a major slapdown, causing others to decide that maybe collecting data on users that they don't absolutely need is a bad idea. That would be a big win for everyone (except the companies).

  2. Anonymous Coward
    Anonymous Coward


    Global law firm Linklaters LLP has said that if the ECJ were to "unexpectedly allow individuals to claim compensation for mere breach or upset, that would open the way to class actions on behalf of those individuals that will run into billions of euros."

    And about time too. Maybe they'd start taking things seriously.

    1. martinusher Silver badge

      Re: Word

      Obviously you've not had experience with class actions. They're primarily boondoggles for law firms.

      "International Law Firm" is NewSpeak for "American law firm that's squeezed everything it could find out of the US and is looking at lucrative markets overseas". Imaginative torts are a good way to stagnate society,

      1. Graham Cobb Silver badge

        Re: Word

        Yes - they have no direct benefit for us. But they have significant (and potentially almost unbounded) impact on the company - much more than the tiny "fines" our bought-and-paid-for politicians are willing to impose on their corporate friends.

        So should start to achieve the changes in behaviour we want to see.

      2. IT Hack

        Re: Word

        Linklaters run out of London and have done since 1838.

  3. Doctor Syntax Silver badge

    If they do get sued "bloody stuff" will be fairly polite compared to what they call it.

  4. Doctor Syntax Silver badge

    There are no issues with jurisdiction here. It's not so simple if, as seems to be the case, the plaintiff is in Europe but data is passed on and processed in another jurisdiction. AIUI the claim must be made in that other jurisdiction. It really ought to be in the country where the actual data transaction took place. It would be nice to think that if the case succeeds it would apply in the UK but, of course, "we" have taken back control so that "we" actually means "them" and consequently there are no guarantees about that.

    Nevertheless it's a step in the right direction.

  5. heyrick Silver badge

    A good step forward

    It's possible to suffer "harm" without quantifiable monetary loss; especially when some opaque system (no doubt an AI) pulls together random nuggets of information and tries to create a profile on a person based upon that, which subsequent people may believe to be some degree of truth even when there's no authorisation to perform the profiling, no verification that any of it is correct, and generally unless the person concerned actively looks they might not even know it happened.

    So, yes, let's open the floodgates and then maybe these data hoarders will stop making up shit in order to cash in on us.

    1. Mike 137 Silver badge

      Re: A good step forward

      Claims for non-material harm have been possible under the GDPR from day one. They're implicit in the Article 9 religious and philosophical belief data categories It's a huge shame that it's taken so long for a test case to be brought. However I'm not at all sure that this case alone will deliver any universal basis for future actions. Given the difficulty to date of getting the regulators to consider non-material harm, only those with the resources to take their matters to court will gain protection, so most breaches of this nature will continue to slip under the radar. Consequently, achieving universal acceptance will take a lot longer yet, all the more as (for example in the UK) commercial interests are progressively inducing governments to relax interpretation of the Regulation.

  6. Zippy´s Sausage Factory

    I notice the lawyer wasn't quoted about protecting people's privacy, information, or reputations, but that what was important was his opinion that it could "breathe life back into the moribund UK privacy class action market."

    Grimly capitalistic.

  7. Wolfclaw

    EU will bottle it under pressure of Megacorps frightened of losing of billions !

  8. Anonymous Coward
    Anonymous Coward

    GDPR is a joke....

    In 2017 Google/DeepMind slurped 1.6 million medical records from the Royal Free Trust (yup.."trust") with not one consent from the 1.6 million UK citizens whose records were slurped.

    Six years later................................ABSOULUTELY NO FINES OR OTHER IMPACTS on the Royal Free Trust, Google or DeepMind.


    "Compensation"............don't make me laugh!!!!!!!

    1. bo111

      GDPR is a joke without enforcement

      I have tried several times to address illegal usage of my personal data with different authorities. Guess what. Nobody gives a shit. Police is too busy and is only interested if some serious crime is done with the data. Authorities require formal filing in person or by post. But we hardly hear about cases when people get compensated for such incidents. A lot of wasted time with zero outcome. Even large media companies would not take down obvious phishing and scam in their ads, when reported. Sure, most people would not bother.

      Provided little interest from law enforcement it is either the whole privacy issue is not serious enough, or impossibility to effectively enforce the law.

      An alternative is to force them all pay insurance on data loss, and automatically send checks to their users, when this happens. Private insurance companies will have more motivation to enforce compliance. But this will considerably slow down doing business and add to higher prices for everything. On the other hand this may prevent all kind of scam, when a service is provided without verified insurance.

      1. IT Hack

        Re: GDPR is a joke without enforcement

        Any GDPR violations need to be reported to the ICO - Information Commissioners Office

        1. IT Hack

          Re: GDPR is a joke without enforcement

          Dunno who downvoted but I guess you can't teach stupid.

  9. jmch Silver badge


    It's terrible that western society has gone so far down the capitalist plughole that "material damage" seems only to mean "loss of income or financial assets" while a broken bone or slap in the face is considered "nonmaterial".

    In real life meanwhile, stress is a primary cause of a bunch of serious and life a threatening conditions. But the advice of our tough-guy types is to " just deal with it"

    1. Missing Semicolon Silver badge

      Re: Mon-material

      Yes, it would be good if as well as reputational damage, it could be expanded to "stress caused by knowing that at any point, you could be scammed out of your life savings". If that was worth, say, a few grand per person, cases where millions of people are affected would indeed bring down the company responsible (TalkTalk, for example). Once that is a possibility, shareholders will start asking hard questions - which was the point of GDPR in the first place.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like