Supreme Court Finds the Publisher and the State Liable for Personal Data Breach


In August 2018, the Supreme Court of the Republic of Slovenia upheld the judgements of the lower courts finding the publisher and the state (Republic of Slovenia) jointly liable for the publication in a secondary school textbook of a set of data which allowed for the indirect identification of the plaintiff.

In the textbook the publisher reprinted an online newspaper article about a sexual abuse case in which the plaintiff had been the victim and her father the perpetrator. Although the plaintiff’s name had not been disclosed in the article, her father’s full name had been revealed, together with the town of his residence, and the fact that the victim was his daughter. The courts considered several factors, namely that the father’s surname was not very common, that he had lived in a relatively small town and that the criminal case against him had been extensively publicised, before concluding that the reprint of the article amounted to the indirect identification of the plaintiff.

Considering the jurisprudence of the European Court of Human Rights (ECHR), the identity of victims must always be protected, even if the court case spurs considerable public interest. Hence, the Supreme court awarded the plaintiff 20.000,00 EUR in damages for the psychological suffering.

The Supreme court pointed out that the fact the article is still accessible online (which in itself is a violation of law, however in no way related to the defendants) didn’t relieve the publisher of their duty to scrutinise the contents of the textbook before publication. It also found the state jointly liable, since one of its bodies (a Council established by a Government decree), in charge of approving the textbooks, overlooked the controversial content. The courts opined that both defendants should have been aware of the fact the plaintiff would be identified, and that, moreover, since she had been a minor at the time of abuse, she and her schoolmates would be using the textbook in question thereby compounding her psychological suffering.


Article provided by: Matija Jamnik (JK Group, Slovenia)


Discover more about the Cloud Privacy Check(CPC) / Data Privacy Compliance(DPC) project

Director CPC project: Dr. Tobias Hö


What is the INPLP?

INPLP is a not-for-profit international network of qualified professionals providing expert counsel on legal and compliance issues relating to data privacy and associated matters. INPLP provides targeted and concise guidance, multi-jurisdictional views and practical information to address the ever-increasing and intensifying field of data protection challenges. INPLP fulfils its mission by sharing know-how, conducting joint research into data processing practices and engaging proactively in international cooperation in both the private and public sectors.