Data protection litigation, particularly collective private enforcement (CPE), is escalating in the EU. Consumer associations and other interest groups are pursuing legal actions against Tech Giants like Facebook and Uber for GDPR violations. While private enforcement is gaining traction, there is a need to systematically map pathways to CPE and assess its effectiveness in providing strong judicial protection. This protection is perceived both as an independent entitlement under Article 47 ECFR and as an auxiliary means to safeguard other fundamental rights.

The development triggered by CPE shows how procedural and remedial safeguards are co-constitutive of primary rights and duties, requiring us to go beyond the enforcement debate to discuss how litigation influences the shaping of data protection law on the ground.

Additionally, the rise of CPE necessitates contextualizing data protection litigation within a comprehensive framework that includes the fundamental rights of various stakeholders—users, consumers, workers, and citizens, both online and offline. This holistic perspective allows us to analyze the significance of private litigation and collective private enforcement in upholding fundamental rights, preserving public values, and safeguarding general interests.

Against this background, Assessing Collective Private Parties' Litigation in the Economy of Data (APPLIED) has three main objectives:

1. Developing an inclusive overview of CPE application in data protection law across different European nations.
2. Identifying and analyzing obstacles that hinder effective CPE implementation.
3. Exploring CPE's broader implications on data protection rights, obligations, and wider interests.

The APPLIED project explores the role and effectiveness of collective private enforcement (CPE) of the GDPR in providing access to justice and counterbalancing the power of digital corporations. This research combines legal-doctrinal analysis with semi-structured interviews conducted with stakeholders from six jurisdictions: the Netherlands, Italy, Belgium, Austria, Germany, and France.

A) Desk Research

• The APPLIED team conducts a comparative analysis of litigation in six 'case-study' jurisdictions (France, Italy, Germany, Austria, Belgium, and the Netherlands) and the legal frameworks regulating it—both in its European and national dimensions.

  Regarding the national dimension, we look at the grounds and venues of collective action and the available remedies. Of particular importance are Article 80 GDPR on the representation of data subjects for the exercise of their rights under Articles 77-79 and 82, and the Representative Action Directive (2020/1828), which requires member states to have mechanisms allowing qualified entities to seek injunctive and redress measures before national courts or administrative authorities on behalf of groups of consumers, including for GDPR violations.

  On remedies, the right to compensation under Article 82 GDPR is particularly important and is currently the subject of a series of interpretative rulings by the ECJ.

  For the comparative analysis, we examine cases brought in the same member states against data protection law infringements, focusing on the legal framework, procedural venue, representation, type of infringement, requested outcomes, and actual outcomes

B) Interviews

• We identified 5 key stakeholder groups: consumer/data rights organizations, qualified entities, claimant lawyers, defendant lawyers, and funders. From each group, one representative per jurisdiction is invited to participate. Participants receive a summary of our provisional findings and an interview template beforehand, ensuring informed and focused discussions.

  Interviews are conducted online, lasting up to 60 minutes, and are recorded with consent. The interview questions, both closed and open-ended, cover the participant’s role and experience, challenges encountered, the effectiveness of CPE mechanisms, impact on access to justice, future expectations, and recommendations.

  Data from interviews is securely stored and accessed only by project researchers, with deletion scheduled after 10 years. Confidentiality is strictly maintained; personal quotes are used only with explicit consent, and participants are anonymized unless they agree to be identified. The interview data informs our analysis but is not directly published.

  Approved by the Ethics Committee of the Faculty of Law at the University of Amsterdam, the study ensures voluntary participation and the right to withdraw consent at any time. The research avoids the involuntary disclosure of personal or sensitive information.

1. Country Reports
   Forthcoming

2. Project Publications
   Forthcoming

3. Project Presentation

   1. E-Law Conference Leiden
   2. ICON-S Conference 

• Episcopo, F. (2024). "UI v. Österreichische Post – A First Brick in the Wall for a European Interpretation of Art. 82 GDPR." Journal of European Consumer and Market Law: 87-96.

Forthcoming