ABSTRACT
There has been strong global debate in recent months on Facebook’s breach of their privacy statement/policy, with the personal data of more than 80 million of its users having been breached across geographical and international boundaries. Amidst public condemnation and parliamentary commission inquiries into the matter in various countries, including in the US, UK, and EU, there are growing concerns as to the adequacy of current laws to deal with personal data breaches.With the advancement of digital technology, the risks of personal data breaches recurring are great. This chapter will examine whether contract law, in general is sufficient to meet these challenges especially when it comes to redress
The data subject would have to prove, that they have a contract, with the Data Controller/Data Processor, in the first place. The problematic question here would be, to prove the existence of a valid contract in the first place in a situation relating to breach of personal data, was there a clear acceptance of the privacy statement, to constitute informed consent, especially in a digital context (on the internet) and if so whether there could be said to be sufficient consideration provided by the data subject? In a situation where an internet service provider like Facebook provides the service for free, what are the implications?
The question takes on additional significance when cast against the backdrop of the new EU General Data Protection Regulation (GDPR) which came into effect on 25 May 2018.
