GDPR and the birth of digital ambulance chasers

GDPR and the birth of digital ambulance chasers

A week ago we could report that the highest fines under GDPR had been issued in Portugal. Contrary to most believs, the fines where issued to a public hospital, and concerned unstructured data.

And for sure, fines under GDPR can be devastating, but equally devastating is the rights under article 82 for damages for non-material damages. This means there is no requirement to prove financial loss to claim compensation under GDPR; mere distress is sufficient.

Ross McKean has written an interesting article about the situation in the UK, and makes some conclusions that we think is worth mentioning.

The quantum of damage for distress is far from a settled area of law and unlike personal injury claims where guidelines for the assessment of damages are readily available, the jurisprudence considering damages for distress arising from breach of data protection laws is sparse and ambivalent.

This is true, but for European countries we will see a harmonization between national jurisprudence. And as Ross McKean mentions, thousands of pounds have historically been paid for spam-emails earlier, and damages for breach of privacy legislation can be expected to be higher.

The uncertainty for the level of the economical compensation will, in the short term, probably mean that the numbers of class actions will be limited, but one thing is sure:

“…the potential upsides of a successful claim where hundreds of thousands or millions of sensitive records are compromised in a breach mean that data protection group litigation is likely to be here to stay”