German court rules CEO to be held personally liable for data privacy violations
In a recent German case, a court decided that a CEO was personally liable for a data privacy breach after they hired a detective to investigate possible criminal acts by the plaintiff.
The court ruled that the CEO hiring a detective violated data protection law and awarded the plaintiff €5,000 in non-material damages.
Notably, the court held the CEO personally liable for the data protection violations and the damage claim, alongside the company. It classified the CEO as a data controller, which distinguishes him from an employee who is bound by instructions.
Source: German court rules: CEO to be held personally liable for data privacy violations, Christoph Werkmeister, Rhea Dennis