I have just posted to my linked in blog, on the reference from the Austrian courts as to whether victims of a data breach need to prove harm for compensation.
The Advocate General is not so sure, although on my CIPP(E) course the instructor was clear; a breach of rights is a harm.
I look at the GDPR, the DPA 2018, which confirms that in the UK, ‘“non-material damage” includes distress.’.
I conclude by noting that, “My experience in tracking the citizen’s panels of the Conference on the Future of Europe (CoFoE) is that Europe’s citizen’s, the children and grand children of facist and stalinist societies are looking for greater enforcement, not less.” Politicians in the EU are under pressure to go in the other direction.
Do victims of a cyberbreach need to prove harm?