The General Data Protection Regulation (GDPR) provides for a comprehensive right to compensation for damage caused by data protection infringements. This article investigates whether the GDPR’s compensation regime attracts abuse by alleged damaged parties which have themselves caused the conditions for entitlement to compensation, whether damaged parties can expect ‘full and effective’ compensation when enforcing their claim, and how this situation is influenced by legal tech companies. It concludes that attempts to abuse the right to compensation are plausible but can neither be conclusively confirmed nor refuted from a neutral standpoint. Data subjects damaged by a data protection infringement cannot expect full and effective compensation due the difficulties in practice of proving their entitlement to compensation; also, when the claim is monetised through the services of legal tech companies, the compensation cannot be considered full. Finally, changes in the way the right to compensation is handled are proposed, in order simplify the enforcement of justified claims while making abusive claims unattractive.
Keywords: GDPR| Compensation | Abuse| Enforcement| Legal Tech