PDF iconDownload This Paper
Open PDF in Browser
Add Paper to My Library
Permalink
Using these links will ensure access to this page indefinitely
Copy URL

Putting a price on data protection infringement

Published in International Data Privacy Law (IDPL), Volume 12, Issue 1, February 2022, Pages 1–15

University of Oslo Faculty of Law Research Paper No. 2022-56

43 Pages Posted: 23 Nov 2022

See all articles by Mona Naomi Lintvedt

Mona Naomi Lintvedt

Norwegian Research Center for Computers and Law - Law Faculty, University of Oslo

Date Written: November 22, 2022

Abstract

• There is an assumption that the use of fines as an enforcement tool will have a deterrent effect and lead to compliance with the EU General Data Protection Regulation (‘GDPR’). This article gives a critical analysis of the fines in Article 83 og the GDPR, and whether the introduction of elevated fines have led to the desired behavioural changes.
• The GDPR has no provisions that ensure harmonisation of the imposing and calculation of fines. This has already led to diverging practices by the Data Protection Authorities (‘DPAs’). Neither does the GDPR require transparency about imposed fines. Without transparency, the deterrent effect of fines can be questioned.
• Monetary sanctions may not always lead to better compliance and ultimately better data protection for individuals. The GDPR has other enforcement measures that may have a more immediate effect in adjusting undesired processing of personal data, such as a temporary or definitive ban on processing which may be more harmful for a data-driven controller than a fine.
• The fines may function as punishment and deterrence, but not as restoration. Individuals who are affected by an infringement are not benefited by the imposed fine. Although Article 82 of the GDPR gives any person suffering material or non-material damage resulting from an infringement a right to compensation, the right is more theoretical than practical.
• The article concludes that adjustments should be made to ensure transparency and harmonisation. Also, changes should be considered to ensure that individuals are duly compensated in the event of damages suffered by data protection infringements.

Keywords: Administrative Fines, Behavioural Effect, Compensation, Deterrent Effect, Enforcement, General Data Protection Regulation

Suggested Citation

Lintvedt, Mona Naomi, Putting a price on data protection infringement (November 22, 2022). Published in International Data Privacy Law (IDPL), Volume 12, Issue 1, February 2022, Pages 1–15, University of Oslo Faculty of Law Research Paper No. 2022-56, Available at SSRN: https://ssrn.com/abstract=4283877

Mona Naomi Lintvedt (Contact Author)

Norwegian Research Center for Computers and Law - Law Faculty, University of Oslo ( email )

St. Olavsplass 5
Oslo, Oslo 0130
Norway

PDF iconDownload This Paper
Open PDF in Browser

Do you have a job opening that you would like to promote on SSRN?

Place Job Opening

Paper statistics

Downloads
59
Abstract Views
246
Rank
590,027
PlumX Metrics

Related eJournals

  • University of Oslo Faculty of Law Legal Studies Research Paper Series

    Follow

    University of Oslo Faculty of Law Legal Studies Research Paper Series

    Subscribe to this free journal for more curated articles on this topic

    FOLLOWERS
    5,235
    PAPERS
    526
    This Journal is curated by:
    Beate Sjåfjell at University of Oslo - Faculty of Law, Malcolm Langford at University of Oslo, Faculty of Law, Department of Public and International Law