Skip to content

cearta.ie

the Irish for rights

Menu
  • About
  • Privacy Policy
  • Disclaimer
  • Contact
  • Research

Category: Privacy

Compensation for breach of the General Data Protection Regulation

22 August, 2017
| 2 Comments
| GDPR, General, Privacy

I have just posted a paper on SSRN entitled “Compensation for breach of the General Data Protection Regulation”; this is the abstract:

Article 82(1) of the General Data Protection Regulation (GDPR) provides that any “person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered”. As a consequence, compliance with the GDPR is ensured through a mutually reinforcing combination of public and private enforcement that blends public fines with private damages.

After the introduction, the second part of this article compares and contrasts Article 82(1) GDPR with compensation provisions in other EU Regulations and Directives and with the caselaw of the CJEU on those provisions, and compares and contrasts the English version of Article 82(1) GDPR with the versions of that Article in the other official languages of the EU, and concludes that at least 5 of the versions of Article 82(1) GDPR are unnecessarily ambiguous, though the CJEU (eventually, if and when it is asked) is likely to afford it a consistent broad interpretation. However, the safest course of action at this stage is to provide expressly for a claim for compensation in national law.

…

Read More »

What is the current status of GDPR incorporation in the EU’s 28 Member States? [Ongoing updates]

27 July, 201711 September, 2019
| 8 Comments
| GDPR, Privacy

Last updated: 7 May 2018

GDPR incorporationHaving looked, in my previous post, at what Article 82(1) of the General Data Protection Regulation says and means in each of the EU’s 24 official languages, I’m interested in this post in the related question of the current status of incorporation* of the GDPR in each of the EU’s 28 Member States. I am interested in particular in whether provision has been made in any incorporating* legislation or draft for an express claim for compensation or damages to give effect to Article 82 GDPR. The list below is the current state of play so far as I have been able to find out. I would be grateful if you correct any errors and help me fill in the blanks – via the comments below, via email, or via the contact page on this blog – I would very grateful indeed.

Complete incorporation: Legislation to incorporate* the GDPR has been enacted in Austria, Belgium (though a further Bill is pending), Germany, Poland, Slovakia and Slovenia (a French Act anticipated some of its requirements, though a full incorporation Bill is pending). About half of the Member States are likely to complete the process before 25 May 2018.…

Read More »

What is the literal meaning of Article 82(1) GDPR in each of the EU’s 24 official languages?

18 July, 201719 August, 2017
| 15 Comments
| GDPR, Privacy

GDPRI’m trying to work out what Article 82(1) of the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC) says and means in each of the 24 official languages of the EU institutions, and I’d be very grateful for your help. In English, Article 82(1) GDPR provides

Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered.

As I have said before on this blog (here, here, here), I think that this formulation is rather odd. It does not provide, in the present tense, that a person whose rights have been infringed “has” the right to receive compensation. Instead, it provides, in a much more congtingent fashion, that a plaintiff “shall have” such a right, which seems to imply that there is something more to be done in national law before plaintiffs actually have the claim.…

Read More »

Damages for Breach of the GDPR

30 June, 201718 July, 2017
| 5 Comments
| GDPR, Privacy

Data Summit 2017 LogoTwo weeks ago today I was chatting over coffee with a data protection expert during the second day of the Data Summit 2017. He was annoyed at my blogpost on the Government’s General Scheme of the Data Protection Bill 2017 [the Scheme] to give further effect in Irish law to the EU’s General Data Protection Regulation [the GDPR]. Article 82(1) GDPR provides claim for compensation for anyone whose rights under the GDPR are infringed. In the post that annoyed him so much, I said that I couldn’t find a Head to this effect in the Government’s Scheme. He said: what about Head 91? I said: that’s where it should be, but it isn’t there. He wasn’t convinced. So, I went back and had a closer look at the Scheme and the GDPR. I also had a look at an associated Directive (the Police and Criminal Justice Authorities Directive [the PCJAD]) which is also being transposed by the Scheme. Article 56 PCJAD similarly provides for a claim for compensation for anyone whose rights under the PCJAD are infringed. Heads 91 and 58 (respectively) of the Scheme address these claims, but they do not completely provide for such claims for compensation.…

Read More »

The Heads of an Irish Bill to ensure GDPR compliance are very welcome, but they raise questions about repeals and compensation

12 May, 201718 July, 2017
| 6 Comments
| GDPR, Privacy

GDPRThe Government has today published the General Scheme of the Data Protection Bill 2017 (press release | scheme (pdf)) to give further effect in Irish law to the EU General Data Protection Regulation and to implement the associated Data Protection Directive for law enforcement bodies. The publication of the Heads is a very welcome development indeed. There will, in the coming weeks and months, no doubt be much discussion of the Heads, and I hope that the draft will be improved as a consequence. For now, I want to make two points, about repeals of existing legislation, and the availability compensation for infringement of the GDPR.

Stamp Act Repealed (via Wikipedia; element)The first point is brief enough. Existing Irish law is contained in the Data Protection Acts 1988 and 2003 (also here and here; the ODPC’s unofficial but extremely helpful administrative consolidation is here), which are not very easy to work with. Head 5 deals with “Repeals”. My fervent hope is that the 1988 and 2003 Acts will be repealed, and that the new Bill will provide a single one-stop-shop for all Irish law on data protection. My hope has been neither fulfilled nor dashed by Head 5. It’s blank. The explanatory note says that the existing Acts “will be largely superseded by” the GDPR and Directive, and that this “Head will be completed during the drafting process”.…

Read More »

Damages and compensation for invasion of privacy and data protection infringements

9 May, 20174 December, 2020
| 4 Comments
| GDPR, Privacy

Hulk HoganThe saga in Bollea v Gawker shows two remedies for invasion of privacy. Hulk Hogan (real name, Terry Gene Bollea; pictured left), is a former professional wrestler and American television personality. Gawker was a celebrity news and gossip blog based in New York. In October 2012, Gawker posted portions of a secretly-recorded video of Hogan having sex in 2006 with one Heather Cole, who (as Heather Clem) was the then-wife of his then-best-friend (the wonderfully-monikered radio personality Bubba “the Love Sponge” Clem). In March 2016, a jury found Gawker liable for invading Hogan’s privacy, and awarded him a total US$140m – Gawker itself was held liable for US$115m in compensatory damages (including US $60 million for emotional distress), and US$15m in punitive damages; Gawker’s CEO, Nick Denton, was held personally liable for US$10m in punitive damages.

Gawker and Denton immediately announced that they would appeal; but first Gawker, and then Denton, both soon filed for bankruptcy. In August 2016, Gawker itself was shut down, and the media group of which it was a centrepiece was sold for US$135m. This provided the funds for a settlement: in November 2016, the case was ultimately settled for US$31m; and, in March 2017, Denton came out of bankruptcy.…

Read More »

The Right to be Forgotten – is it time to teach the world to sing in perfect harmony?

20 March, 2017
| No Comments
| Conferences, Lectures, Papers and Workshops, Privacy

ISEL logo, via ISEL websiteThe Irish Society for European Law will hold an Update on Data Protection, next Thursday, 23 March 2017, at 6:30pm in the Ormond Meeting Rooms, 31-36 Ormond Quay Upper, Dublin 7.

The event will be chaired by the Hon Ms Justice Mary Finlay Geoghegan, Judge of the Court of Appeal; and the speakers will be Bruno Gencarelli (Head of the Data Flows & Protection Unit, DG Justice & Consumers, European Commission), Andreas Carney (Partner, Matheson), Emily Gibson BL (Law Library, Dublin), and me.

The event is open to all and is free of charge to ISEL members (there is a €30 charge for non-ISEL members, payable on arrival). Places are limited and will be allocated on a first come, first served basis. Please register for the event at www.isel.ie. 1.5 CPD points are available for this event.

Harmony, via Wikipedia (detail)The title of my talk is: The Right to be Forgotten – is it time to teach the world to sing in perfect harmony? I will consider whether delinking in support of the right to be forgotten [R2bF] ought to have worldwide effect. My talk will be in three brief parts. The first part will consider CJEU R2bF caselaw and member-state developments on the question whether an R2bF delinking derived from EU law should be effective worldwide or just inside the EU.…

Read More »

Privacy Paradigm – getting the design right

19 October, 201619 October, 2016
| No Comments
| Privacy

ODell@ICS2 I spoke today at the (ISC)² Security Congress EMEA in Dublin. Before me, Minister Naughten gave an opening address; after me, Brian Honan provided a fascinating keynote.

In between, I beat the drum (again) for Privacy Paradigm. The image, left, is an artist’s impression of the highlights of my talk. If you click through, you will get a bigger version, and – as a bonus, on the same sheet – the same artist’s impression of the talks from Brian and the Minister as well.

What I am hoping to do with Privacy Paradigm (if anyone wants to fund the research) is provide a simple means by which websites could signal not only that they respect their visitors’ privacy but also how (if at all) the sites processe personal data. For this, by analogy with Creative Commons, I suggest an appropriate icon and short accompanying text which explains that the site operates under a standard-form privacy policy, with a link to the underlying privacy policy, provided by an appropriately coded plugin. In my view, the key is to start with the standard-form privacy policies, and to code them accordingly, and then to provide the icons.

There have been many previous attempts covering some elements of this strategy, but none has caught on.…

Read More »

Posts pagination

Previous 1 … 3 4 5 … 19 Next

Welcome

Me in a hat

Hi there! Thanks for dropping by. I’m Eoin O’Dell, and this is my blog: Cearta.ie – the Irish for rights.


“Cearta” really is the Irish word for rights, so the title provides a good sense of the scope of this blog.

In general, I write here about private law, free speech, and cyber law; and, in particular, I write about Irish law and education policy.


Academic links
Academia.edu
ORCID
SSRN
TARA

Subscribe

  • RSS Feed
  • Twitter
  • LinkedIn

Recent posts

  • A trillion here, a quadrillion there …
  • A New Look at vouchers in liquidations
  • Defamation reform – one step backward, one step forward, and a mis-step
  • As I was saying before I was so rudely interrupted … the Defamation (Amendment) Bill, 2024 has been restored to the Order Paper
  • Defamation in the Programme for Government – Updates
  • Properly distributing the burden of a debt, and the actual and presumed intentions of the parties: non-theories, theories and meta-theories of subrogation
  • Open Justice and the GDPR: GDPRubbish, the Courts Service, and the Defence Forces

Archives by month

Categories by topic

Licence

Creative Commons License

This blog is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. I am happy for you to reuse and adapt my content, provided that you attribute it to me, and do not use it commercially. Thanks. Eoin

Credit where it’s due

Some of those whose technical advice and help have proven invaluable in keeping this show on the road include Dermot Frost, Karlin Lillington, Daithí Mac Síthigh, and
Antoin Ó Lachtnáin. I’m grateful to them; please don’t blame them :)

Thanks to Blacknight for hosting.

Feeds and Admin

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

© cearta.ie 2025. Powered by WordPress