Putting a price on data protection infringement

Published in International Data Privacy Law (IDPL), Volume 12, Issue 1, February 2022, Pages 1–15

University of Oslo Faculty of Law Research Paper No. 2022-56

43 Pages Posted: 23 Nov 2022

See all articles by Mona Naomi Lintvedt

Mona Naomi Lintvedt

Norwegian Research Center for Computers and Law - Law Faculty, University of Oslo

Date Written: November 22, 2022

Abstract

• There is an assumption that the use of fines as an enforcement tool will have a deterrent effect and lead to compliance with the EU General Data Protection Regulation (‘GDPR’). This article gives a critical analysis of the fines in Article 83 og the GDPR, and whether the introduction of elevated fines have led to the desired behavioural changes.
• The GDPR has no provisions that ensure harmonisation of the imposing and calculation of fines. This has already led to diverging practices by the Data Protection Authorities (‘DPAs’). Neither does the GDPR require transparency about imposed fines. Without transparency, the deterrent effect of fines can be questioned.
• Monetary sanctions may not always lead to better compliance and ultimately better data protection for individuals. The GDPR has other enforcement measures that may have a more immediate effect in adjusting undesired processing of personal data, such as a temporary or definitive ban on processing which may be more harmful for a data-driven controller than a fine.
• The fines may function as punishment and deterrence, but not as restoration. Individuals who are affected by an infringement are not benefited by the imposed fine. Although Article 82 of the GDPR gives any person suffering material or non-material damage resulting from an infringement a right to compensation, the right is more theoretical than practical.
• The article concludes that adjustments should be made to ensure transparency and harmonisation. Also, changes should be considered to ensure that individuals are duly compensated in the event of damages suffered by data protection infringements.

Keywords: Administrative Fines, Behavioural Effect, Compensation, Deterrent Effect, Enforcement, General Data Protection Regulation

Suggested Citation

Lintvedt, Mona Naomi, Putting a price on data protection infringement (November 22, 2022). Published in International Data Privacy Law (IDPL), Volume 12, Issue 1, February 2022, Pages 1–15, University of Oslo Faculty of Law Research Paper No. 2022-56, Available at SSRN: https://ssrn.com/abstract=4283877

Mona Naomi Lintvedt (Contact Author)

Norwegian Research Center for Computers and Law - Law Faculty, University of Oslo ( email )

St. Olavsplass 5
Oslo, Oslo 0130
Norway

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
118
Abstract Views
449
Rank
441,868
PlumX Metrics