Legal cases and fines for breaches of the EU’s General Data Protection Regulation could rise sharply after a recent case in the Court of Justice of the European Union (CJEU) found that a GDPR breach was a source of unfair competition. The judgment also opens doors to civil cases relating to other compliance failings, if a company is seen by competitors to be ignoring expensive or challenging rules, such as those regarding anti-money laundering and countering the financing of terrorism (AML/CFT).
The case concerned a German pharmacy that was selling products on Amazon. A competitor took it to court under German competition law on the grounds that if customers had not given consent for their personal data to be processed, the pharmacy was not only breaking GDPR rules, but in the process was gaining an unfair competitive advantage. The case was referred to the CJEU, which judged in October that it did not matter that the complainant’s motivation was competition, rather than data protection.
