Data Protection Actions
Compensation for breach of GDPR and the Data Protection Act 2018
Under GDPR, you have the right to compensation for breach of your privacy rights but you can also use it to find out what happened to your personal data.
If you have received a letter or email from someone stating you have been subjected to a data breach, or that they mistakenly reported you to someone else, then you may be entitled to compensation.
Each case is different but from my experience, people are annoyed and upset at having their personal data stolen or shared with unknown third parties; especially if it relates to personal or private matters such as financial data, credit card details, medical data, family/relationship data, a person's sex life, etc.
On top of this, you don't know how someone could use this data. Could they put it up on social media to embarrass you? Use it to clone your identity? Use your credit card to go on a shopping spree? Use your financial data to steal your money and ruin your credit rating? You just don't know so you have to protect yourself and enforce your privacy rights via a data protection action.
Talk to a solicitor about your options or feel free to contact me below for a referral to a data protection solicitor.
EBS Data Breach
EBS mistakenly reported 16,000 mortgage account holders to the Irish Credit Bureau for being in arrears, thereby affecting their credit rating.
If you got notification in June-August 2020 then you may be entitled to compensation.
Public Service Cards (Department of Social Protection)
In September 2019, the Data Protection Commission ruled the Department of Social Protection breached data protection legislation over the Public Service Cards.
If you got a Public Service Card before May 2018 then you may be entitled to compensation.
University Limerick Hospital
A severe data breach resulted in the medical data from over 600 A&E patients made available online and on social media. The affected patients were not told of the breach until months after it happened.
If you got a letter about this then you may be entitled to compensation.
Ticketmaster Data Breach
In June 2018, Ticketmaster emailed clients stating they had been subjected to data breach and their personal data was not secure. Some clients reported illegal transactions on their credit cards.
If you got an email from Ticketmaster on the 27th of June 2018 then you may be entitled to compensation.
Overview of compensation under GDPR
Note: This is not legal advice and should not be acted upon without speaking to a lawyer.
The Data Protection Commission confirms you are entitled to compensation for any breach of GDPR where they state1:
Article 82 of the GDPR allows for any person who has suffered material or non-material damage as a result of an infringement of the GDPR, the right to receive compensation from the controller or processor for the damage suffered.
Under the Data Protection Act 2018, if an individual believes his or her rights under the GDPR have been infringed as a result of an organisation’s failure to comply with its obligations under the GDPR, they may bring an action against the organisation. This is known as a ‘data protection action’.
In any data protection action, the court has the power to grant compensation for damage (including material and/or non-material damage) suffered as a result of a breach of data protection law.
Material damage generally means damage for some form of physical loss or damage that can be demonstrated to and calculated by a court, e.g. if you crashed your car and it cost €1,000 to repair then the material damage is €1,000.
Material damage is different for every case. In data protection actions (i.e. for breach of GDPR) you would have to show there was some form of physical or economic loss, e.g. a reduction in your credit rate, evening refused a load, , loss of credit, loss of money, unauthorized use of your credit card, or some other tangible effect, etc.
Non-material damage generally refers to non-physical loss or damage that cannot usually be easily calculated by a court, e.g. pain and suffering. In data protection actions (i.e. for breach of GDPR) non-material damage refers to the distress, hassle, upset and annoyance you might have experienced as a result of the breach.
If you have suffered a data breach feel free to contact William McLoughlin BL for more information.
Feel free to contact me