Data Protection and the Construction of Collective Redress in Europe: Exploring Challenges and Opportunities

Abstract

Article 80 on collective redress in the GDPR contains some of the famous circa 50 derogations that have diluted the degree of harmonisation in this EU main data protection instrument in force since May 2018. The provisions on collective action available in this framework law were not transcribed in a straightforward manner into the lex specialis to the GDPR - the proposal for the reformed e-Privacy Directive (redesigned as an e-Privacy Regulation) - and have required the co-legislators’ intervention to make them more explicit. The efforts required to bring collective redress dimension into the enforcement of the rights to privacy and data protection in the EU can be better understood if discussed in the context of the overall development of this type of remedy here. The process has been fragmented whilst a binding horizontal EU-wide measure is yet to be stipulated. In the meantime, as showcased by the recent CJEU decision in Schrems v Facebook, there are important and urgent questions such as the cross-border element that need to be answered both in terms of the real exercise of access to justice in enacting data protection as well as for consumer rights more broadly. The provisions on collective redress in the new EU data protection legislation have been bold steps in strengthening fundamental rights, but their real impact will depend on other processes developing in parallel, such as the national collective redress schemes, the horizontal EU-level instruments and the case law of the CJEU and national courts.