As discussed earlier in this blog series, there are various bases for achieving the surrender of your data despite the lack of a property right to data. The release of data through contract law and through the AVG have already been covered. These grounds specifically address situations where there is a contractual relationship, or data containing personal data. This blog discusses the alternative route that can be taken if there is neither a contractual relationship, nor data containing personal data. Incidentally, a tort claim is also possible when there is already a contractual relationship and no (clear) agreements have been included, in addition to the possibility of breach of contract.
For example, your data ends up with a third party with whom nothing has been agreed and with whom there is no relationship whatsoever. This third party refuses to return the data. If such a situation arises, a claim for the release of data could potentially be based on tort. To arrive at a successful application of the tort ground, all requirements of Art. 6:162 of the Civil Code must be met: unlawfulness, imputability, damage, causality and relativity.
Unlawfulness can first be found through the Penal Code. There are several acts criminalised therein that result in meeting the first requirement of unlawfulness. Section 138ab (1) of the Criminal Code, for instance, stipulates that computer hacking is punishable:
"the intentional and unlawful intrusion into an automated work or part thereof".
The Supreme Court has also ruled that under circumstances taking away a virtual object can qualify as theft. Thus, criminal law does recognise that data can be subject to theft. When a criminal offence occurs, in most cases it can be said to be unlawful, thus fulfilling this first tort requirement.
The moment a hacker penetrates your secure system to collect and take your data, the criminal offence mentioned above may have occurred. When this criminal offence has occurred, an unlawful act has been committed. Subsequently, to be considered a tort, the other requirements must also be met.
This wrongful act must be attributable to the person against whom the wrongful act is invoked. There must also be demonstrable damage suffered, for example, suffering financial loss due to the lack of the necessary data etc. This damage must be the direct consequence of the lack of your data, i.e. the damage may not have any other causes. The relativity requirement implies that the criminalisation of the act involved in the qualification of unlawfulness must have had the purpose of preventing the resulting damage. If all these requirements are met, a tort can be said to exist.
It is always wise to have agreements regarding the return of data and other matters properly worked out and recorded in writing. Should a situation arise where the agreements have not been contracted, it is therefore possible to still reclaim data in tort. Do you have questions about the solutions possible to circumvent the lack of ownership of data? Team Commercial Contracting is happy to think along with you and can provide support on this subject where necessary.