fbpx
  • Home
  • Civil Law
  • Compensation for Damage Resulting from the Processing of Personal Data

Compensation for Damage Resulting from the Processing of Personal Data

The institution in question was initially regulated by what we know as the Privacy Code, formally contained in Legislative Decree 196/2003, which collects Italian legislation on the protection of personal data.

Today, however, the matter is directly governed by Article 82 of EU Regulation 2016/679 (GDPR), which replaced Article 15 of the Privacy Code, expressly repealed by Legislative Decree 101/2018.

In particular, the aforementioned Article 82 GDPR provides that anyone who has suffered material or non-material damage as a result of a violation of the regulation has the right to obtain compensation from the data controller or the data processor. Liability therefore falls directly on these subjects, unless they prove that the harmful event is in no way attributable to them.

It follows that, when one is responsible for the protection of personal data, it is necessary to adopt every suitable measure to safeguard such data, primarily to prevent their dispersion and fraudulent use. It will therefore be the burden of the controller or processor to demonstrate that they acted correctly and that the violation did not depend on their conduct, thus avoiding liability.

The compensable damage may be both pecuniary and non-pecuniary, or both may coexist; however, it is up to the person who claims to have suffered it to provide proof.

Compensation for Unlawful Data Processing

In order to obtain compensation for damages, it is necessary to follow various steps aimed at obtaining a judicial ruling that acknowledges the right to be compensated and obliges the wrongdoer to pay.

First of all, it is essential to send what is known as a letter of warning and formal notice, which serves several functions: it sets a deadline within which the person who caused the damage must compensate it, and it also interrupts the statute of limitations, allowing the term to start running again from the beginning.

This is a fundamental step, since people often ignore that, even in civil law matters, there are limitation periods to be respected, after which it is no longer possible to enforce one’s claim.

Once such a letter has been sent, if we still fail to obtain what was requested (a highly probable situation, since normally the wrongdoer will reply that there is nothing to pay), we can proceed by filing a civil lawsuit.

During the proceedings, there will be an evidentiary phase in which, through witnesses, formal interrogations, and the submission of documents, it will be possible to prove the damage suffered and the causal link between the wrongdoer’s conduct and the harm itself.

The burden of proving all this lies exclusively with the person who claims to have been harmed, with the consequence that, if they fail to provide sufficient elements to convince the judge, they will have to give up obtaining compensation.

It should also be clear how lengthy the entire proceedings may be.

Indeed, it cannot be overlooked that there may be multiple levels of judgment and, in particular, the case could reach the third level before the Court of Cassation.

Furthermore, even when a final judgment has been obtained, it may happen that the party ordered to pay compensation does not comply voluntarily, thus making the enforcement phase necessary, with related formal notice, attachment, and so on.

Although it may seem difficult, it is important not to get discouraged, to go forward with the conviction that sooner or later justice will acknowledge us and ensure we are compensated, even though not everyone has the possibility to wait and bear the necessary expenses in the meantime.

Many, in the end, just to live a life without complications, end up renouncing hard-earned legal claims.

Class Action on Loyalty Cards – Data Breach

Violations in the processing of personal data constitute one of the greatest problems of the twenty-first century, given the widespread use of IT technology and telematic tools for the most varied activities—for example, in the field of loyalty cards or the improper storage of data provided to smartphone apps.

The most controversial cases inevitably concern access to and registration on websites, for which it is always necessary to enter one’s data and subsequently consent to their processing.

I don’t think I’m straying too far from the truth when I say that none of us—or at least very few—actually take the time to read the conditions we accept with a simple click on “I consent”, without which the fateful “next” box does not become accessible, the only thing we are really interested in when we are about to make a purchase, stream a movie, or download a free version of a program.

Usually, in fact, we consent first and foremost to the processing of our personal data in order to access the desired service but, moreover, we also consent to their use for commercial purposes, as well as their transfer to third-party companies for market research.

This is why, to our surprise (and annoyance), without knowing the reason, we continue to receive emails, text messages, or even promotional calls aimed at selling us all sorts of things, without realizing what triggered it all.

But this is only the legitimate inconvenience of the consents we indiscriminately give, since there is nothing unlawful in the use of data for the purposes we expressly accepted; the problem arises when such data begin to be used unlawfully, although unfortunately it is often very difficult for the victim to even realize it.

The most striking cases are represented by IT services offered, for example, by Poste Italiane, banks, as well as websites where tickets for means of transport—such as airline or train tickets—can be purchased. In these cases, credentials may be stolen, allowing an intruder to unlawfully access our accounts or credit cards, causing economic damage, sometimes very significant.

It is evident that the most at-risk sites are those requiring the insertion of more data, such as identity documents, since once entered we can only rely on the operator to whom we entrusted them, hoping that they have a sufficiently secure IT system, able to withstand even the most aggressive hacker attacks.

Sale of Data for Financial Gain

When we talk about compensation for damages due to privacy and personal data breaches, although most of us immediately think of our sensitive data being disclosed without authorization, reference is also made to the violation of our right to image, especially if our image is an economically valuable asset.

This is the case for celebrities, who very often demand and obtain substantial compensation from magazines and websites that publish stolen images of them in private places, where the camera lens should not have access.

In this case, however, two different interests of equal legal value must be balanced: the protection of one’s privacy and the right to information, albeit of a scandalistic nature.

This balancing therefore excludes any kind of violation in cases where images or other data are legitimately acquired in public or publicly accessible places, while on the contrary, it constitutes an unlawful violation to unlawfully enter real or virtual places where access is private and where such data are stored—data which, through our own fault, we often fail to properly value.

Who Violates Our Data and Steals It for Profit

It is necessary to distinguish between those who are responsible for the disclosure of data because, under contract, they are obliged to prevent it, and those who, on the contrary, commit outright fraudulent theft from the “custodians’” IT systems.

The latter are not liable for damages for failing to adopt adequate measures to prevent access; instead, they are criminally liable, as their conduct amounts to actual theft.

Needless to say, in order to carry out such conduct, it is necessary to have IT skills that certainly go beyond the basic knowledge that we all have. These are the so-called hackers, people who can easily overcome every virtual barrier to reach the treasure of our data and, ultimately, our money.

It is not always necessary to have a degree certifying such skills since, more often than not, we are not dealing with IT engineers but simply with those young geniuses who, from the outset of their lives, have shown a talent and aptitude for the virtual world.

A famous example was the Wikileaks case, which probably involved the largest data theft in modern history.

The point is this: when there are worlds we cannot fully understand or manage, we are in danger.

This happens in every field, and even more so in IT.

We entrust our lives and our secrets to a computer, while knowing we have no tools to fight potential attackers far more skilled than we are, relying essentially only on luck to guide our virtual existence.

Compila il modulo per richiedere informazioni, 

Riceviamo solo su appuntamento.

  Roma, via La Spezia 43

  Ariccia, Largo Savelli 14


  06 89346494 - 349 40 98 660
segreteria@studiobuccilli.com
  • Ho avuto modo di apprezzare e verificare la professionalità dell'avvocato Buccilli in diverse situazioni difficoltose. Quando nel 2021 decisi di vendere la mia casa per acquistarne una più grande, mi sono capitate numerose situazioni sventurate: iniziai comprando su carta un villino indipendente di 100 mq; l'agente immobiliare responsabile della vendita mi propose un ampliamento che si rivelò essere un abuso, abilmente orchestrato assieme al costruttore senza scrupoli - mancava di fatto la cubatura necessaria per la realizzazione dell'ampliamento; il costruttore andò lungo sulla data di consegna (oltre un anno di lavoro) creandomi problemi di alloggio e danni. In quel frangente conobbi Alessandro il quale riuscì a risolvere la situazione in mio favore. Dopo molte peripezie e con il morale a terra nel maggio 2023 comprai una villetta da ristrutturare; sembrava che le cose andassero finalmente per il verso giusto. Con mia amara sorpresa scoprii che la ditta incaricata della ristrutturazione invece della promessa squadra di operai inviava saltuariamente un paio di lavoratori extracomunitari che non parlavano italiano e che passavano il tempo a giocare al telefono. A nulla servirono le mie accese rimostranze nel confronti del direttore dei lavori - anche in quel caso Alessandro mi aiutò a uscire dal pantano. Verso giugno 2024 una nuova ditta e un nuovo direttore dei lavori ripresero il cantiere con la promessa di miracoli e la consegna fissata a dicembre 2024. Arrivati a gennaio 2025 con nemmeno il 50% dei lavori preventivati completato iniziai a rivivere la situazione sperimentata in precedenza - ritardi giustificati con le più incredibili fandonie, richieste di denaro a fronte di lavori non fatti e il rifiuto ostinato di fornire una data di consegna sostenibile - oltre alle ingiurie che il nuovo direttore dei lavori mi riversava contro durante quelle piazzate che costui osava definire "riunioni tecniche"; memore delle precedenti esperienze contattai prontamente Alessandro che attualmente sta tutelando i miei diritti; stiamo procedendo legalmente nei confronti dell'ultima ditta e del "direttore dei lavori"... . Ho deciso di riassumere questa odissea iniziata nel 2021 e ancora in essere oggi perché ci tengo a mettere in luce la professionalità con cui Alessandro mi ha tutelato e mi sta tutelando facendosi carico di situazioni davvero complesse, proponendomi strategie difensive che mi hanno difeso egregiamente, fornendomi consigli preziosi e orientati all'onestà intellettuale che solo un vero professionista del foro può dispensare. Consiglio vivamente a tutti quelli che stanno cercando un professionista integro e onesto di contattare Alessandro Buccilli, sicuramente farete la scelta migliore per tutelare i vostri interessi nei confronti dei numerosi (purtroppo) imbroglioni azzeccagarbugli di cui l'Italia è infestata.
  • Finalmente un avvocato che ti spiega bene come stanno le cose senza troppi giri di parole, chiaro e sincero. Consigliatissimo 👍🏼
  • Ottimo supporto ottenuto dallo studio legale e dall’avvocato Buccilli. Disponibilità, professionalità e massima tempestività. Mi sono affidato allo studio per una pratica importante, finita nel miglior modo possibile, grazie al lavoro ottimo svolto dal professionista e da qualche anno é diventato un punto di riferimento per qualsiasi esigenza sul piano penale, in primis , e anche civile. Grazie mille