Insights and Analysis

Data class actions: the era of mass data litigation

17 July 2018
Image
Image

With the development of big data, the scope and impact of potential data breaches or losses have significantly increased. Our guide to data class actions reviews the position in key jurisdictions and shares lessons to bear in mind when facing data class actions in Europe

Class actions are commonplace in the United States but relatively rare in Europe. The European Union wants to change that, by facilitating class actions for mass privacy and data breaches.

With the development of big data, the scope and impact of potential data breaches or losses have indeed significantly increased.

In the EU, the GDPR comes into effect.

Due to its extraterritorial applicability, it will affect business globally.

Every day, somewhere in the world, the media report that data for large numbers of individuals, often millions of people, have been breached.

It seems then only natural that public authorities would consider class actions as a potential remedy for these breaches, if not a way to prevent them.

At first glance, nothing is more rational: data breaches cause for each individual only a very limited damage, if any.

This damage is very often unlikely to be sufficient to motivate the individual to seek compensation for it (or even seek who is actually liable for the breach).

Yet, there may be an interest for the entire group affected by the breach to seek compensation for the aggregate damage, hence the idea of allowing class actions.

But, what if it were not that simple?

In this guide, we take a step back and further analyse this topic by endeavouring to:

  • put the US experience over the last years into perspective;
  • look into the choice of the European Union to timidly open the doors to data class actions;
  • share four key lessons to bear in mind when facing data class actions in Europe; and
  • provide a focus on certain Member States.

Click the download button below to access an interactive version of the guide.

button

Contacts

bio-image

Eduardo Ustaran

Partner

location London

bio-image

Marco Berliri

Partner

location Rome

bio-image

Christine Gateau

Partner

location Paris

bio-image

Christelle Coslin

Partner

location Paris

bio-image

Matthew Felwick

Partner

location London

bio-image

Manon Cordewener

Partner

location Amsterdam

bio-image

Joke Bodewits

Partner

location Amsterdam

bio-image

Christian Di Mauro

Partner

location Milan

bio-image

Massimiliano Masnada

Partner

location Rome

bio-image

Valerie Kenyon

Partner

location London

bio-image

Gonzalo F. Gállego

Partner

location Madrid

bio-image

Martin Strauch, LL.M. (Edinburgh)

Counsel

location Munich

View more

Related topics

Related countries

Related keywords

Load more

More like this

image_1
News

The EU Cyber Resilience Act: Implications for Companies

21 November 2024
image_1
News

NYDFS urges caution given threats posed by remote technology workers with ties to North Korea

14 November 2024
image_1
News

The Data Chronicles | One-click cancellations | Exploring the impact of the FTC’s new click-to-cancel rule

13 November 2024
image_1
News

DOJ proposes regulations limiting certain data transfers to protect national security

12 November 2024
image_1
News

Global privacy regulators update guidance on protecting against unauthorized data scraping

11 November 2024
image_1
News

Security Snippets: NIST publishes guide on due diligence for cyber supply chain risk management

07 November 2024
image_1
Insights and Analysis

Decoding the EU Data Act: Data types covered by data access and sharing rights

30 October 2024
image_1
News

Germany Draft for Employee Data Act issued

29 October 2024
image_1
Insights and Analysis

Second Circuit departs on meaning of “consumer” under the U.S. Video Privacy Protection Act

23 October 2024
left_arrow
right_arrow

Search

arrow
arrow

Register now to receive personalized content and more!

 

Register
close
Register