Zasada odpowiedzialności odszkodowawczej administratora i podmiotu przetwarzającego na gruncie ogólnego rozporządzenia o ochronie danych (RODO)

The principle of liability for damages of the controller and the procesor under the GDPR

Wojciech Lamik

Autor jest radcą prawnym w Leśniewski Borkiewicz Kostka & Partners oraz przewodniczącym Komisji ds. Nowych Technologii i Transformacji Cyfrowej przy Okręgowej Izbie Radców Prawnych we Wrocławiu.

Abstract

Article 82 of the GDPR introduces civil law liability of the controller and the processor for damage caused by violation of the personal data protection provisions. There are many doubts surrounding this regulation, one of ehich concerns the principle of liability for damages of the abovementioned entities. The content of the Polish language version of Art. 82 of the GDPR leads to the conclusion that this is liability based on fault, which is supported by most of the Polish doctrine.

The purpose of this article is to demonstrate that the controller's and processor's liability for damages is not based on the principle of fault, and then to determine what principle we are dealing with in Art. 82 of the GDPR.

Keywords

GDPR, General Data Protection Regulation, Article 82 of the GDPR, civil liability, damages, fault, CJEU, Court of Justice of the European Union, controller, processor, violation of the GDPR, civil measures, risk-based liability

Prawo Nowych Technologii

no. 2/2023

The principle of liability for damages of the controller and the procesor under the GDPR

Abstract

Keywords