We would like to ensure that you are still receiving content that you find useful – please confirm that you would like to continue to receive ILO newsletters.
15 November 2019
In September 2019 a landmark appeal court decision found an online information service provider liable for consequential damages of data theft.
In April 2017 subscribers and users of one of Taiwan's most popular box office websites, EZding, reported numerous data theft incidents. EZding rejected the complaints about its security management, insisting that it regularly performed vulnerability scanning and, as a result, had received a Trustwave compliance certificate for its data security.
The plaintiff, a victim of the data theft, filed a civil action with the Shilin District Court, claiming property loss and compensation for non-pecuniary damages. She stated that she had received a scam phone call requesting her authorisation of an account transfer to complete a refund from EZding. After following the scammers instructions, the plaintiff had lost approximately $8,500.
EZding denied liability for all of the plaintiff's claims. However, in view of the police investigation report, the court considered EZding liable for the data theft. Under Article 28 of the Personal Data Protection Act, the plaintiff was therefore entitled to statutory compensation of NT$20,000 (approximately $6,700). The plaintiff's other claims were rejected.
The plaintiff and EZding appealed.
Basing its decision on the same evidence, the appeal court considered the plaintiff's property loss to be irrefutable, as the scammers had obtained highly detailed subscriber information to solicit her trust (eg, recent transaction records).
EZding failed to convince the court that all of its databases had been adequately protected at the time of the incident. Therefore, the appeal court upheld the plaintiff's claim of consequential damages.
Before this decision, most data theft cases in civil actions were resolved by a summary judgment under Article 28(3) of the Personal Data Protection Act, which offers claimants statutory compensation for non-pecuniary damages of between NT$500 and NT$20,000 per incident.
For further information on this topic please contact Arthur Shay at Shay & Partners by telephone (+886 2 8773 3600) or email (email@example.com). The Shay & Partners website can be accessed at www.elitelaw.com.
The materials contained on this website are for general information purposes only and are subject to the disclaimer.
ILO is a premium online legal update service for major companies and law firms worldwide. In-house corporate counsel and other users of legal services, as well as law firm partners, qualify for a free subscription.