The future for collective action under the GDPR


Brussels, Belgium

A side event to the International Conference of Data Protection and Privacy Commissioners.

In association with:


To raise awareness of upcoming challenges flowing from the GDPR’s Art. 80 on individuals’ right of redress via collective (class) action.

Date and Location

Tuesday 23 October 2018
14.30 - 17.30  

Venue: The Hotel, Boulevard de Waterloo 38, 1000 Bruxelles, Belgium
5 minutes walking distance from the Palais d’Egmont (venue of closed sessions)



This workshop is free to attend but by registration only as places are limited. 

To secure your place please register via the Brussels Privacy Hub website.




Data Protection Authorities, policy makers, law firms, companies,
civil society, consumer organisations and academics.

Confirmed speakers:

- Professor Gloria González Fuster, Brussels Privacy Hub, Belgium

- Stewart Dresner, Chief Executive, Privacy Laws & Business, UK

- David Martin Ruiz, Senior Legal Officer, BEUC - The European Consumer Organisation, Belgium

- Dr. Boris Uphoff, Partner, McDermott Will & Emery, Germany

- Wojciech Wiewiórowski, Assistant European Data Protection Supervisor, Brussels

- Ashley Winton, Partner, McDermott Will & Emery, UK

More to follow




14.00 Registration
14.30 Session 1:
Mapping European experience of collective action for data protection rights
1. The scope of Art. 80 GDPR 
2. Collective action - a form of redress additional to other options
A form of redress additional to other options, for example, individual complaints to a DPA or court action by an individual
3. Building on national experience
3.1.  Germany (a consumer organisation and/or a Land DPA)
3.2. France (Test Achats, a consumer organisation)
3.3.  United Kingdom (a lawyer with experience of handling such a case in a  court)
3.4. Countries expected to become active in the area of collective action
4. Issues which need to be tackled – need or no need for harmonisation?
4.1. Cross-border complaints
4.2.  Need for individual opt-in to a case
4.3.  NGOs without a mandate
4.4.  Redress of a problem with and without compensation
4.5.  Scope for no win, no fee legal advice
4.6.  Scope for using Art. 80 in the employment area
15.50 Break
16.10 Session 2:
Quantifying harm and compensation
Collective action is a fundamental right as part of the GDPR. But how should harm and compensation be quantified? What can we learn from countries outside the EU?
1.  Criteria for assessing harm
2.  Experience of quantifying material damage (Data Protection/Privacy examples from different countries and sectors)
3.  Experience of quantifying immaterial damage – feelings, reputation (Data Protection/Privacy examples from different countries and sectors)
4.  On which subjects would collective action be appropriate and inappropriate? How would collective action work regarding forced consent to use an Internet based service?
5.  Precedents from the Court of Justice of the European Union?
6.  What can we learn from consumer law and competition law cases?
7.  Update on Germany’s Federal Cartel Office investigation of Facebook?
8.  Scope for no win no fee cases in Europe? What can we learn from the USA? Other countries?
17.30 Close

This event qualifies for 3 SRA CPD hours.
Every Privacy Laws & Business event qualifies for accredited CPD hours for the purposes of the England and Wales Solicitors Regulation Authority’s requirements.
Please quote AQJ/PLBU when applying for the points with the SRA.

Programme as of 20 August 2018, prepared by Stewart Dresner, Privacy Laws & Business and
Professor Gloria González Fuster, Brussels Privacy Hub

If you are interested in sponsoring or speaking,
please contact Stewart Dresner: