Cyberattacks and unauthorized access to personal data: What are the consequences for the data controller?

September 8, 2023 Mathilde Gérot & Inès Aramouni
Comment

Article published on September 7, 2023, in *La Lettre des Juristes d'Affaires*— here

 

The CJEU has clarified the scope of data controllers’ liability in the event of a GDPR violation, ruling out any automatic liability and requiring the standard demonstration of a breach, harm, and a causal link. The issue of compensation for non-pecuniary damage remains uncertain, however, as the Court and the Advocate General have adopted approaches that are difficult to reconcile regarding the level of severity required to give rise to a right to compensation. These clarifications, combined with ongoing reforms regarding class actions, could nevertheless lead to a significant increase in litigation against data controllers.

Read comments (0)
Previous

CJEU: Initial Clarifications Regarding GDPR Violations
Next

Litigation and Personal Data: Is the Right of Access the New Article 145 of the Code of Civil Procedure?

Be the first to comment

Will not be published

Sent!

Latest articles

January 17, 2025

CJEU ruling expands GDPR liability regarding unfair competition and AML/CFT

Article published on January 16, 2025, in Compliance Week - here.
European and French case law confirms that a breach of the GDPR—as well as of other...

Read the article
Mathilde Gérot, Attorney

Categories

Website design and SEO by Simplébo Simplébo

Log in