Data Privacy Compliance in the Cloud
Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.

Supreme Court Finds the Publisher and the State Liable for Personal Data Breach


In August 2018, the Supreme Court of the Republic of Slovenia upheld the judgements of the lower courts finding the publisher and the state (Republic of Slovenia) jointly liable for the publication in a secondary school textbook of a set of data which allowed for the indirect identification of the plaintiff.

In the textbook the publisher reprinted an online newspaper article about a sexual abuse case in which the plaintiff had been the victim and her father the perpetrator. Although the plaintiff’s name had not been disclosed in the article, her father’s full name had been revealed, together with the town of his residence, and the fact that the victim was his daughter. The courts considered several factors, namely that the father’s surname was not very common, that he had lived in a relatively small town and that the criminal case against him had been extensively publicised, before concluding that the reprint of the article amounted to the indirect identification of the plaintiff.

Considering the jurisprudence of the European Court of Human Rights (ECHR), the identity of victims must always be protected, even if the court case spurs considerable public interest. Hence, the Supreme court awarded the plaintiff 20.000,00 EUR in damages for the psychological suffering.

The Supreme court pointed out that the fact the article is still accessible online (which in itself is a violation of law, however in no way related to the defendants) didn’t relieve the publisher of their duty to scrutinise the contents of the textbook before publication. It also found the state jointly liable, since one of its bodies (a Council established by a Government decree), in charge of approving the textbooks, overlooked the controversial content. The courts opined that both defendants should have been aware of the fact the plaintiff would be identified, and that, moreover, since she had been a minor at the time of abuse, she and her schoolmates would be using the textbook in question thereby compounding her psychological suffering.


Article provided by: Matija Jamnik (JK Group, Slovenia)


Discover more about the Cloud Privacy Check(CPC) / Data Privacy Compliance(DPC) project

Director CPC project: Dr. Tobias Hö



53 lawyers from 33 countries are contributing to the project “Cloud Privacy Check (CPC)” in 26 different languages.

Understanding the complexity of current European data protection laws and regulations is already difficult enough for an IT engineer, buyer, or business user. In combination with the often small but nevertheless significant differences between various EU member states, however, it can become an almost insurmountable challenge without proper juristic accompaniment from the very start... Read More



The CPC is a trusted, not-for-profit international network of qualified professionals who deliver simplified and straight-forward guidance to help navigate the legal and regulatory environment relating to privacy and the cloud. This is done through collective know-how, research and market analysis gained from pan-European industry activity, collaboration and experience. Our mission is to provide authoritative views, information and practical solutions to two principal stakeholders: industry professionals and public authorities.