Skip to main content

Q9 - What happens when multiple Fiduciaries share data — who carries liability if something goes wrong?

Answer
  • Each Fiduciary remains responsible for the data it controls.
  • If data is jointly processed, joint liability may apply unless contracts clearly allocate responsibilities.
Example

A travel aggregator partners with an airline and a hotel chain.
If a breach occurs in the airline’s system, the airline is primarily liable.
But if the aggregator shared data without valid consent, it could also be held liable.
Contracts must spell out responsibilities, but the Board will still hold all parties accountable for protecting individuals’ rights.