Data Privacy affects all of us and has come to the fore in more recent times with some high-profile cases coming before the Irish Courts together with the introduction of the Data Protection Act (DPA) 2018, in Ireland, which effectually implements the provisions of the General Data Protection Regulation (GDPR). The Data Protection Act 2018, gives statutory rights to litigants pertaining to privacy breaches. It also imposes obligations on data controllers and data processors. If you believe your data rights have been infringed there are a number of legal options open to you which the privacy lawyers at Cantillons Solicitors can advise on depending on the facts.
Actions that can be taken against Data Controllers and Data Processors in the event of a data breach:-
The breach of your personal data rights can have a significant impact upon your personal and professional life. In such circumstances, there are a number of legal options open to you:-
Under Section 117 of the DPA, a data subject whose data protection rights have been infringed and where the data breach is as a result of the processing of his or her personal data in a manner that is contrary to data protection laws, can bring an action against the controller or processor concerned. Article 82 of GDPR states the data controller and/or data processor will be liable unless a controller or processor can prove, the breach is not the source of non-compliance.
Under the GDPR and Section 117 of the Data Protection Act 2018, data subjects have the right to seek compensation if a breach of the GDPR has affected them (articles 79 and 82 GDPR).
In other words, it allows for financial compensation claims against the controller or processor, if a data subject has suffered ‘material or non-material damage’ as a result of the processing of personal data which has resulted in an infringement of the data subjects’ statutory rights set out in the 2018 Act. The term ‘non-material damage’ means a data subject does not need to show damage only that the data subjects rights have been infringed. Material damage involves actual damage that is quantifiable and non-material damage refers to non-financial damage such as pain and suffering.
In addition, Section 128 of the Data Protection Act 2018 provides a judicial remedy in the form of injunctive relief where appropriate.
Make a Complaint
You can inform the Irish Data Protection Commissioner’s office (DPC) of the data breach who will investigate the matter on your behalf. Depending on the findings of the DPC, it has the power to issue substantial fines, warnings, reprimands etc. against the data controller/processor under the 2018 Data Protection Act.
Other non-statutory remedies
In addition to the statutory remedies provided for above, a data processor or controller could also be sued for breaching your constitutionally protected right to privacy where the Irish Courts have recognised in the past an unenumerated right to privacy as one of the personal rights in our Constitution. Depending on the type of data breach, a cause of action might also exist under the tort of misuse of private information as enunciated in the U.K. House of Lords Decision Naomi Campbell v MGN.
How Cantillons Solicitors can help:-
Our Data Protection team deal with all aspects of data protection law to include:
Contact us at Cantillons Solicitors at +353 (0)21 -4275673 or [email protected] if you would like more information.
* In contentious business, a solicitor may not calculate fees or other charges as a percentage of any award or settlement.