With European Commission President Ursula von der Leyen’s second five-year term now underway, the Commission is expected to focus on the implementation of three key EU digital legislative initiatives: the 2022 Digital Services Act (DSA), the 2022 Digital Markets Act (DMA) and the 2024 Artificial Intelligence Act (AIA). At the same time, European privacy enforcement is positioned to continue into the new term, and privacy litigation is expected to expand. The U.S.-EU Data Privacy Framework faces further scrutiny by European courts, especially in the face of policy uncertainties brought about by the second Trump administration.
European privacy NGOs stand to benefit from a recent judgment from the EU General Court enabling the recovery of damages authorized under the GDPR for non-material harm and setting a monetary quantum for such damages. A separate EU directive offers new possibilities for collective redress of privacy harms. The combination of these two developments means that even nominal individual awards can be multiplied exponentially to amount to significant sums. Thus, class-action-style litigation and damages recovery are likely to be major themes during the next years, with potential impacts expected both for U.S. cloud service providers and European companies that transfer data to the United States.
To read the full article on Lawfare, click here.
* * *
These statements are attributable only to the author, and their publication here does not necessarily reflect the view of the Cross-Border Data Forum or any participating individuals or organizations.
