European judges provide initial guidance on the scope of a data controller’s liability in the event of a GDPR violation
Article published on June 28, 2023, in Le Monde du Droit.
In the event of a cyberattack, data controllers are not automatically held civilly liable for a breach of the GDPR: the CJEU requires proof of the three standard conditions—breach, damage, and causation. The issue of liability exemption remains delicate, however, as the data controller must prove that its security measures were adequate, without being able to cite the actions of a third party as a basis for exemption. Finally, the debate over the threshold of severity for compensable non-pecuniary damage—on which the Court and the Advocate General disagree—is likely to determine the future scope of litigation in this area.

