The controller/processor is responsible for the circumstance. The data had zero protection. They were publicly accessible. The controller/processor therefore accepted that this data would be stolen and/or misused. You can't talk your way out of this.
Yes, this is the exclusion of liability under Art. 82 para. 3 GDPR. Companies can theoretically exonerate themselves if they can prove that they are not responsible for the breach.
But why does this not apply here?
The data was leaked through their systems, so they had a security vulnerability.
They would have to prove that they did everything technically possible to prevent the attack - they did not.
Even if hackers stole the data, the question remains: why was this even possible?
The GDPR requires an appropriate level of protection. Apparently, there were vulnerabilities that hackers were able to exploit.
Whether they are "to blame" or not is of secondary importance. The damage to you has already been done, and the GDPR protects data subjects, not just those technically responsible.
Yes, this is the exclusion of liability according to Art. 82 para. 3 GDPR. Companies can theoretically exonerate themselves if they can prove that they are not responsible for the breach.
But why does this not apply here?
The data was leaked through their systems, so they had a security vulnerability.
They would have to prove that they did everything technically possible to prevent the attack - they did not.
Even if hackers stole the data, the question remains: why was this even possible?
The GDPR requires an appropriate level of protection. Apparently, there were vulnerabilities that hackers were able to exploit.
Whether they are "to blame" or not is of secondary importance. The damage to you has already been done, and the GDPR protects data subjects, not just those technically responsible.
Thank you, wrote an email. Funnily enough, the store is now back to maintenance work
Since the BGH decision in the Facebook case from November 2024, it has been clarified that the "mere and temporary loss of control over one's own personal data" is sufficient for damage. In this case, the data was published unintentionally. They were publicly accessible to anyone, as Lilith Wittmann describes, who actually accessed them to a minimum extent. Is it difficult to deny damage under these conditions?
Trust is a good keyword: but I'm not clear about the connection between trust in Protectra and legal expenses Insurance? Have you misunderstood the business model of such legal service providers?
I don't understand what you mean by the Streisand effect in this context?
Well, that's right. The Streisand effect doesn't really fit. I just meant that it might not be so smart to enter into a contract with a shyster even though you haven't suffered any damage. Maybe this creates a problem in the first place, even though there really isn't one if you just leave it at that.
Protectra tries to get something out of it and if it works, then they pocket part of it. If not, they don't. They say I won't incur any costs, but is that really the case? If I assign the case, then I can't do anything myself, can I? What happens if I demand or have already demanded the deletion of data or something else that Protecta doesn't like and I may have ruined their business as a result? Am I then possibly in breach of Protectra's GTCS? Will there still be any costs afterwards? Or any phone calls, appointments and correspondence with anyone? I have no idea. As I said, I don't know the company and have never had anything like this to do with it. Maybe it's a good thing.
Someone here wanted to go through their lawyer and then report back. Maybe wait and see what he says?
Hacker attack on Merkur Bets
Liked this post:
frapi07
Yes, this is the exclusion of liability under Art. 82 para. 3 GDPR. Companies can theoretically exonerate themselves if they can prove that they are not responsible for the breach.
But why does this not apply here?
This post has been translated automatically
Hacker attack on Merkur Bets
Nobody has liked this post so far
Thank you, wrote an email. Funnily enough, the store is now back to maintenance work
This post has been translated automatically
Hacker attack on Merkur Bets
Nobody has liked this post so far
What did you write?
This post has been translated automatically
Hacker attack on Merkur Bets
Nobody has liked this post so far
Well, that's right. The Streisand effect doesn't really fit. I just meant that it might not be so smart to enter into a contract with a shyster even though you haven't suffered any damage. Maybe this creates a problem in the first place, even though there really isn't one if you just leave it at that.
Protectra tries to get something out of it and if it works, then they pocket part of it. If not, they don't. They say I won't incur any costs, but is that really the case? If I assign the case, then I can't do anything myself, can I? What happens if I demand or have already demanded the deletion of data or something else that Protecta doesn't like and I may have ruined their business as a result? Am I then possibly in breach of Protectra's GTCS? Will there still be any costs afterwards? Or any phone calls, appointments and correspondence with anyone? I have no idea. As I said, I don't know the company and have never had anything like this to do with it. Maybe it's a good thing.
Someone here wanted to go through their lawyer and then report back. Maybe wait and see what he says?
This post has been translated automatically