Skip to main content

Supreme Court Finds the Publisher and the State Liable for Personal Data Breach


In August 2018, the Supreme Court of the Republic of Slovenia upheld the judgements of the lower courts finding the publisher and the state (Republic of Slovenia) jointly liable for the publication in a secondary school textbook of a set of data which allowed for the indirect identification of the plaintiff.

In the textbook the publisher reprinted an online newspaper article about a sexual abuse case in which the plaintiff had been the victim and her father the perpetrator. Although the plaintiff’s name had not been disclosed in the article, her father’s full name had been revealed, together with the town of his residence, and the fact that the victim was his daughter. The courts considered several factors, namely that the father’s surname was not very common, that he had lived in a relatively small town and that the criminal case against him had been extensively publicised, before concluding that the reprint of the article amounted to the indirect identification of the plaintiff.

Considering the jurisprudence of the European Court of Human Rights (ECHR), the identity of victims must always be protected, even if the court case spurs considerable public interest. Hence, the Supreme court awarded the plaintiff 20.000,00 EUR in damages for the psychological suffering.

The Supreme court pointed out that the fact the article is still accessible online (which in itself is a violation of law, however in no way related to the defendants) didn’t relieve the publisher of their duty to scrutinise the contents of the textbook before publication. It also found the state jointly liable, since one of its bodies (a Council established by a Government decree), in charge of approving the textbooks, overlooked the controversial content. The courts opined that both defendants should have been aware of the fact the plaintiff would be identified, and that, moreover, since she had been a minor at the time of abuse, she and her schoolmates would be using the textbook in question thereby compounding her psychological suffering.


Article provided by: Matija Jamnik (JK Group, Slovenia)

Cloud Privacy Check (CPC). Data Privacy Compliance in the Cloud Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.


About Us

EuroCloud is an independent non-profit organization and consists of a two-tier setup where organisations form all European countries can apply to participate in as long as they respect the EuroCloud Statutes.

To act as a true European player, all programs that are developed are intended to be European activities. These European programs are the strength of EuroCloud as a whole. Respect to local cultures along with the will to promote a real European spirit.