INTRODUCTION Contributed by: Christian Schröder and Odey Hardan, Orrick
Litigation and enforcement trends Such decisions illustrate that data privacy litiga - tion is on the rise, with individuals and organi - sations increasingly seeking redress for privacy violations. In many jurisdictions, data privacy laws provide a basis for claims for immaterial damages, although the determination of such damages remains a contentious issue. Recent court decisions in the EU have clarified some aspects of compensation, emphasising that it should correspond to actual harm rather than serve as a punitive measure. However, courts tend to interpret relevant statutes broadly to ensure efficient protection of user privacy rights, which potentially leads to more waves of mass claim litigation. The introduction of collective redress mecha - nisms, such as the Representative Actions Directive in the EU, has fuelled this trend and expanded legal protection for consumers, ena - bling them to file collective actions for data pro - tection violations. This development increases liability risks for companies, particularly in cross- border contexts, and highlights the importance of robust compliance programmes. Data access and portability The ability to access and transport personal data is a key aspect of data privacy regulation. Laws such as the GDPR grant individuals the right to access their data and transfer it to another service provider, promoting transparency and competition in digital markets. The DA builds on these principles by establishing new rules for data access and portability, ensuring that users of connected products and services can lever - age the data they generate. The DA mandates that data holders make data available to users in a common, machine-read - able format promptly and at no cost. Providers
of connected products or services must inform users about the extent of data availability. The DA also facilitates data portability, requiring data processing service providers to enable custom - ers to switch to another service provider without barriers. In addition, the DA includes measures to balance negotiation power for medium-sized enterprises in relevant contracts. The intersection of data privacy and competition law This is an emerging area of focus, particularly in the context of digital markets. The CJEU has ruled that competition authorities can investi - gate GDPR violations if a company exploits its dominant market position, provided they consult with data protection authorities. This decision has significant implications for organisations with dominant market positions that accumulate extensive personal data. The interplay between data privacy and com - petition law highlights the need for a holis - tic approach to regulation, where privacy and competition concerns are addressed in tandem. This approach ensures that data-driven markets remain competitive while protecting individuals' privacy rights. Conclusion The landscape of data privacy law is complex and constantly evolving, reflecting the rapid pace of technological change and the growing importance of data in the digital economy. As jurisdictions worldwide seek to balance innova - tion with privacy protection, the EU's compre - hensive regulatory framework serves as a mod - el for other regions. Navigating this landscape requires a deep understanding of the legal and regulatory frameworks that govern data privacy, as well as the ability to adapt to new develop - ments and challenges.
9
CHAMBERS.COM
Powered by FlippingBook