The GDPR has introduced new collective redress mechanisms in the field of data protection. In some EU member states, it is even possible to sue for compensation in the frame of such collective action, and many civil society organisations have already seized this opportunity. How do we quantify harm related to the violation of data protection rights? Does the violation of a procedural obligation by a data controller, such as the obligation to maintain a register of processing operations, constitute reparable damage? Or does the law only provide for the possibility to sue for damage that was the consequence of such a violation? We will discuss all of this and more in this session, including the state of play of some of the collective action initiatives and the reaction of data controllers.
• What is the state of play of the implementation of art. 80 GDPR especially with regards to collective redress mechanisms?
• How to quantify harms when it comes to asking for compensation for the violation of data protection rights?
• Have collective redress mechanisms changed the landscape of data protection in Europe?
• What happens in cross-border situations where collective redress actions meet the one-stop-shop mechanism?