On April 27, 2023, the Advocate General (“AG”) of the Court of Justice of the European Union (“CJEU”) issued its opinion in the case C-807/21 on the conditions for imposing GDPR fines on legal persons (e.g., companies). He opined that Member States’ law may not stipulate conditions going beyond those set out in the GDPR that make it more difficult to impute GDPR infringements to companies. In addition, he is of the opinion that the GDPR penalties may only be imposed on intentional or negligent conducts, since the GDPR does not provide for a strict liability (no fault) system.
Continue Reading CJEU’s Advocate General Issues Opinion on GDPR Fines Against Companies