PROTECTION OF PERSONAL DATA IN TORT LAW: COMPENSATION FOR UNLAWFUL DATA PROCESSING AND INFORMATION BREACHES

Abstract

This article examines the nature of extra-contractual obligations arising from tortious violations of personal data protection laws and the mechanisms for compensating damages caused by unlawful data processing and information breaches. The analysis traces the evolution of the concept of confidentiality as an absolute right towards understanding data protection as a complex of procedural rights to control information processing. The study reveals the inadequacy of traditional tort law institutions in protecting individual information rights in the digital age. Through comparative legal analysis, various compensation models are considered: the European GDPR model providing compensation for both material and non-material damage; the California CCPA model with statutory damages; and the traditional model requiring proof of specific harm. Special attention is given to the problem of presumed harm and the difficulties in establishing causation in data breach cases. The mechanisms of collective redress in mass data breach incidents are analyzed, revealing a critical absence of effective tort liability mechanisms for data rights violations in the legislation of the Republic of Uzbekistan. Based on the research findings, the author proposes a comprehensive set of measures to improve the legal regulation.