Cyberattacks and data breaches expose individuals and firms to liability in civil courts. Despite regulators’ efforts to standardize cybersecurity laws, judges, justices and attorneys have offered a plethora of interpretations to the same laws, causing a great deal of confusion. The current investigation utilizes the Jordanian civil code to illustrate how complex liability becomes in data breaches cases. Through a comprehensive examination of liability rules 256–291 within the civil code, the Supreme Courts’ liability precedents, and the new personal data protection law, this analysis finds that liability could be established under strict conditions. Liability claims in Jordanian courts must satisfy the standing doctrine, the presence of injury requiring compensation, and causality, and must demonstrate the clear links between data breaches and the harm/injury suffered. The novelty of the personal data protection law in Jordan is likely to impact how liability is interpreted and established in cybersecurity cases.
Ahmed M. Khawaldeh (Fri,) studied this question.