Mall must pay compensation

Mall must pay compensation

In the Czech Republic, Mall has encountered major problems regarding the leakage of its customers' personal data. It was about 100,000 people shopping online. But one of them didn't just let it go and decided to act. He brought an action against the company for compensation for non-material damage and was indeed successful. The company must pay the victim compensation of CZK 10,000, which is less than € 400. Of course, interest and reimbursement of legal expenses are not included in this amount.

Exemplar customer

This decision results from the verdict of the Municipal Court in Prague. The judgment is final and unfortunately Mall can no longer appeal against it. This exemplar customer thus gave all people the hope that if their data leaked from a particular online service, they could similarly acquire a certain amount of money in a legal form of redress in court.

The Court of Appeal granted the applicant compensation for breach of the so-called right of information self-determination. Such a right gives people the power to decide to whom and in what form they will disclose their personal data.

According to the court's ruling, Mall has infringed the citizen's privacy in this way in an inadmissible manner, although the applicant has already published some of the leaked data (such as name and surname, e-mail address, telephone number) on the Internet in the past.

Mall will pay compensation in full amount

Through its media representative Veronika Poláková, Mall pointed out that the court would respect the verdict of the court and pay the plaintiff full compensation, ie the mentioned CZK 10,000.

Specifically, 735,956 unique email addresses and 766,421 passwords escaped from Mall. Probably the passwords that the company did not protect sufficiently and the security system was not so strong. All of the company's customer data was uploaded to the server uloz.to, where they have been stored for about 1 full month and were available to anyone who downloaded it.

The way in which all these data have been leaked is not yet known. In 2018, Mall claimed that it was unable to determine the exact way of the leak. Moreover, they do not want to disclose any new information on this issue to this day. The media representative Veronika Poláková commented as follows: “It is part of the case before the Administrative Court.”.

Mall has a lot more to do with it

However, this is not the only misstep of Mall. In addition to the low amount of CZK 10,000, the company mainly defends the CZK 1.5 million sanction imposed by the Office for Personal Data Protection, but in this case the court has not yet decided.

However, according to Poláková, no other cases concerning the violation of GDPR are registered by the company. Lawyer Josef Aujezdský argues that in the Czech Republic, it is not customary to sue companies in such cases. “Given the current absence of collective actions in Czech law, the motivation on the part of the injured party to exercise such rights in court is rather low (practically not worth it). There will not be many similar cases that end up in court,” says Aujezdský.

However, the current verdict could also motivate other customers who have lost their personal data. “The general limitation period shall be 3 years. If we simplify this, the limitation period begins to run in such a case from the moment when the injured person became aware of the existence of the damage and who was responsible for it (Section 620 (1) of the Civil Code). Consequently, it is not excluded that other injured parties may now turn to a similar claim to the court. However, the limitation period runs separately for each of them,” adds Aujezdský.

And what to say at the end? We never know when and what customer can harm your business. Therefore, process your personal data fairly and, above all, secure it well.