Major decision on GDPR compensation rights expected soon Could EU residents receive compensation for "non-material" harm caused by illegal data use under the General Data Protection Regulation (GDPR)? We'll find out tomorrow, when the European Court of Justice (ECJ) is set to make a ruling in a case being nervously watched by many a data-hungry company doing business across the …
And the companies that abusively collect and use data would get a major slapdown, causing others to decide that maybe collecting data on users that they don't absolutely need is a bad idea. That would be a big win for everyone (except the companies).
Global law firm Linklaters LLP has said that if the ECJ were to "unexpectedly allow individuals to claim compensation for mere breach or upset, that would open the way to class actions on behalf of those individuals that will run into billions of euros."
And about time too. Maybe they'd start taking things seriously.
Obviously you've not had experience with class actions. They're primarily boondoggles for law firms.
"International Law Firm" is NewSpeak for "American law firm that's squeezed everything it could find out of the US and is looking at lucrative markets overseas". Imaginative torts are a good way to stagnate society,
Yes - they have no direct benefit for us. But they have significant (and potentially almost unbounded) impact on the company - much more than the tiny "fines" our bought-and-paid-for politicians are willing to impose on their corporate friends.
So should start to achieve the changes in behaviour we want to see.
There are no issues with jurisdiction here. It's not so simple if, as seems to be the case, the plaintiff is in Europe but data is passed on and processed in another jurisdiction. AIUI the claim must be made in that other jurisdiction. It really ought to be in the country where the actual data transaction took place. It would be nice to think that if the case succeeds it would apply in the UK but, of course, "we" have taken back control so that "we" actually means "them" and consequently there are no guarantees about that.
Nevertheless it's a step in the right direction.
It's possible to suffer "harm" without quantifiable monetary loss; especially when some opaque system (no doubt an AI) pulls together random nuggets of information and tries to create a profile on a person based upon that, which subsequent people may believe to be some degree of truth even when there's no authorisation to perform the profiling, no verification that any of it is correct, and generally unless the person concerned actively looks they might not even know it happened.
So, yes, let's open the floodgates and then maybe these data hoarders will stop making up shit in order to cash in on us.
Claims for non-material harm have been possible under the GDPR from day one. They're implicit in the Article 9 religious and philosophical belief data categories It's a huge shame that it's taken so long for a test case to be brought. However I'm not at all sure that this case alone will deliver any universal basis for future actions. Given the difficulty to date of getting the regulators to consider non-material harm, only those with the resources to take their matters to court will gain protection, so most breaches of this nature will continue to slip under the radar. Consequently, achieving universal acceptance will take a lot longer yet, all the more as (for example in the UK) commercial interests are progressively inducing governments to relax interpretation of the Regulation.
In 2017 Google/DeepMind slurped 1.6 million medical records from the Royal Free Trust (yup.."trust") with not one consent from the 1.6 million UK citizens whose records were slurped.
Six years later................................ABSOULUTELY NO FINES OR OTHER IMPACTS on the Royal Free Trust, Google or DeepMind.
So.......ABSOLUTELY NO DOWNSIDE TO SERIOUS LAW BREAKING!!!!
"Compensation"............don't make me laugh!!!!!!!
I have tried several times to address illegal usage of my personal data with different authorities. Guess what. Nobody gives a shit. Police is too busy and is only interested if some serious crime is done with the data. Authorities require formal filing in person or by post. But we hardly hear about cases when people get compensated for such incidents. A lot of wasted time with zero outcome. Even large media companies would not take down obvious phishing and scam in their ads, when reported. Sure, most people would not bother.
Provided little interest from law enforcement it is either the whole privacy issue is not serious enough, or impossibility to effectively enforce the law.
An alternative is to force them all pay insurance on data loss, and automatically send checks to their users, when this happens. Private insurance companies will have more motivation to enforce compliance. But this will considerably slow down doing business and add to higher prices for everything. On the other hand this may prevent all kind of scam, when a service is provided without verified insurance.
It's terrible that western society has gone so far down the capitalist plughole that "material damage" seems only to mean "loss of income or financial assets" while a broken bone or slap in the face is considered "nonmaterial".
In real life meanwhile, stress is a primary cause of a bunch of serious and life a threatening conditions. But the advice of our tough-guy types is to " just deal with it"
Yes, it would be good if as well as reputational damage, it could be expanded to "stress caused by knowing that at any point, you could be scammed out of your life savings". If that was worth, say, a few grand per person, cases where millions of people are affected would indeed bring down the company responsible (TalkTalk, for example). Once that is a possibility, shareholders will start asking hard questions - which was the point of GDPR in the first place.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
