The fear of a possible misuse of personal data may in itself constitute non-material damage

Following a cyber-attack, an intrusion into an authority’s computer system has been reported, resulting in the personal data of millions of people being released into the public domain. In this context, a person whose data was recorded by the authority filed a legal claim seeking compensation for the non-material damage caused by the fear that his data could be misused in the future.

As a result of the cyber-attack, the plaintiff has motivated that he fears a potential misuse of his data due to the failure of the authority to comply with its obligations as a personal data controller.

The Court of Justice of the European Union has held that the fear of possible misuse of personal data experienced by a data subject as a result of a breach of personal data obligations may constitute non-material damage.

Nevertheless, it was established that an unauthorised disclosure of personal data is not sufficient to consider that the technical and organisational measures implemented by the controller concerned would not be adequate. Thus, an unauthorised disclosure of data does not automatically give rise to a legitimate fear of a possible misuse of the data which are stored by the entity in question.

Read more

Share this

Continuous recruitment


    doc,docx,pdf,odc file types with 4mb maximum size

    Think ahead! Practice at Filip & Company!


      doc,docx,pdf,odc file types with 6mb maximum size


      doc,docx,pdf,odc file types with 6mb maximum size


      doc,docx,pdf,odc file types with 6mb maximum size

      Vrei să știi cum îți vom utiliza datele cu caracter personal? Click aici pentru mai multe detalii.

      Webinars