England and Wales High Court rules that the GDPR Art. 27 Representative is not liable for its clients’ actions

June 2, 2021

The England and Wales High Court of Justice (May 28th 2021): the GDPR Article 27 Representative is not liable for its client’s actions.

On the role of the representative:
“At the least, the picture which emerges is of a considerably fuller role than a mere postbox ‘to be addressed’. Even the language of ‘conduit’ or ‘liaison’ does not fully capture the job the GDPR gives to representatives. The role is an enriched one, active rather than passive.[…] The job focuses on providing local transparency and availability to data subjects, and local regulatory co-operation.”[74]

On the representative’s liability:
“I find no positive encouragement for ‘representative liability’ anywhere other than the last sentence of Rec.80.[…] If the GDPR had intended to achieve ‘representative liability’ then it would necessarily have said so more clearly in its operative provisions” [101]


Follow us on Linkedin for daily breaking GDPR news!

Get our weekly newsletter in your inbox every Monday with fresh GDPR and Data Protection news!