From Digital Harm to Collective Enforcement
The rapid and pervasive digitalization of global life has fundamentally reshaped the architecture of power, leading to complex challenges related to digital harms. Today, millions of (individual) consumers or small and medium enterprises (SME) face a handful of powerful entities, often referred to as GAFAs (Google, Apple, Facebook, Amazon) that act as market gatekeepers, creating systemic imbalances of power that challenge the very foundation of European consumer and market rights. And the situation might further perpetuate: While GAFAs are the issue of today, with growing bottleneck digital industries such as artificial intelligence or quantum computing may generate similar asymmetries in the near future.
Digital harms are rarely isolated incidents; they frequently reflect systemic misconduct, such as widespread data tracking, algorithmic price discrimination, or anti-competitive behaviours affecting thousands or even millions of individuals simultaneously.
This systemic misconduct covers violations of key European Union’s acts within the regulatory field including the General Data Protection Regulation (GDPR), the Digital Markets Act (DMA), the Digital Services Act (DSA), the Data Act (DA), and the Data Governance Act (DGA). Future potential, for example in the realm of the AI Act might become relevant. Against this background, this contribution advances a specific point: collective redress mechanisms are essential to bridge enforcement gaps where individual remedies fail, and practical litigation experience helps identify which procedural features are necessary for effective private enforcement.
The first part will briefly explain why individual redress remains structurally ineffective in digital markets. It will then turn to the current European framework, highlighting where the Representative Actions Directive (RAD) still leaves important gaps. Finally, drawing on the experience of Ius Omnibus, the article will reflect on which institutional elements appear decisive in enabling strategic litigation in practice.
The Systemic Failure of Individual Redress and the Need for Collective Actions
The necessity of collective redress stems directly from the unique nature of digital harms, which undermine the very notion of individual remedy. This failure is rooted in three critical obstacles:
- Asymmetry of power and information Dominant digital players possess vast amounts of data, proprietary algorithms, and technical knowledge of individual users, who lack detection and understanding of these mechanisms (Mäihäniemi, 2022, 7–9). Furthermore, these players usually have vast experience in legal procedures, large legal teams and sufficient financial means, contrary to individual consumers. The legal protection of algorithms is limited in the EU context: algorithms are not covered by the EU Software Directive (Directive 2009/24/EC), patents are rarely available due to requirements for sufficient technical character and inventive step, and trade secrets only prevent unlawful acquisition, use, or disclosure without granting exclusive property rights (Foss-Solbrekk, 2021, 247–258). These combined asymmetries make evidence gathering and asserting rights virtually impossible for a single claimant attempting to understand the full scope of digital harm.
- Rational apathy and economic viability For many digital abuses, the potential financial recovery for an individual is small and dispersed. High transactional costs, including legal fees and time investment, often far outweigh the potential recovery, leading to “rational disinterest” or “rational apathy” among consumers (Nagy, 2019, 12). This widespread inaction highlights the need for collective mechanisms, which can then face a potential free-rider problem if participation is voluntary.
- Imperceptible harm. Many digital harms as subtle as manipulative designs or micro-targeted advertising are many times not readily apparent to the individual user (Mathur et al. 2019, 1-2). When harms are not identifiable by the affected party, the notion of individual remedy becomes moot (Citron & Solove, 2020, 793–807). Collective redress mechanisms through entities educated in detecting such dark patterns, transform from a procedural tool into a critical mechanism for actively addressing systemic issues that would otherwise remain hidden.
Collective actions respond directly to these structural barriers by aggregating claims, lowering the cost-benefit threshold, and enabling specialized entities to identify and litigate systemic misconduct.
The Fragmentation Hurdle: Collective Redress Under the Representative Actions Directive
Despite its importance, collective redress faces significant structural challenges in the EU digital space, most consistently characterized by legal patchwork and fragmentation. The RAD has contributed to disparities by allowing significant national discretion on procedural elements, resulting in inconsistent access to justice across the Union. Member States retain procedural autonomy, leading to diverse models for redress actions (contrary to injunctive relief), from opt-out systems (like in Portugal and the Netherlands) to opt-in frameworks (like in Austria or Germany) to long-missed transposition failures (like in Spain).
Opt-in systems, which require individuals to actively consent to be included, typically suffer from low participation rates and a “rational apathy” problem, leaving many affected individuals without remedies. By contrast, opt-out systems make inclusion the default unless explicitly rejected, effectively eliminating this participation gap.
As a result, even passive consumers receive remedies for systemic harms, making opt-out approaches generally more efficient and equitable for digital harms. While Europe has traditionally harbored fears of “litigation booms” associated with United States-style opt-out class actions (Nagy, 2019, 35), the opt-out mechanism is a pragmatic solution to a fundamental market failure in the context of diffuse digital harms.
The GDPR marks an initial step toward a structured model for opt-out collective actions. While the framework is relatively clear in the context of injunctive relief, its application to damages actions remains considerably less certain, though not expressly excluded. The GDPR mandates Member States to introduce representative actions and specifically allows entities to initiate proceedings without a data subject’s mandate.
Crucially, the European Court of Justice (ECJ), in the Meta Platforms case (ECJ C-319/20) (Frederico, 2023, 8), affirmed the path of Article 80(2) GDPR that organizations can seek injunctive measures without a mandate or proof of harm. It is sufficient to claim that the data processing is liable to affect the rights of identifiable persons. This framework, combined with the recognized constitutional importance of data protection as a “super-fundamental right” in the EU (Golunova & Tas, 2024, 64), has led to a robust backbone for strategic litigation in the data protection sphere.
A second, fundamental challenge remains funding and financial incentives. Collective litigation against major digital defendants requires technical expertise, economic modelling, expert reports, and highly specialized legal representation. At the same time, the European loser-pays principle creates significant financial risk for representative entities. Although Article 10 of the Directive recognizes third-party funding, Member States continue to adopt divergent approaches, ranging from restrictive models to broader acceptance.
This combination of procedural divergence, funding uncertainty, and limited practical experience still makes collective redress an uncertain instrument in much of Europe.
Proving the Model: Insights From Strategic Litigation
Several of the elements flagged above can in practice become bottlenecks that substantively prevent organizations from litigating collective actions in the first place. The experience of Ius Omnibus, operating within Portugal’s collective action framework, offers useful insight into which factors appear essential for enabling effective private enforcement.
A first decisive element is the existence of an opt-out system in Portugal. Because affected consumers are automatically included unless they opt out, litigation can realistically address widespread low-value digital harm at the necessary scale.
A second essential factor is the adoption of hands-off professional litigation funding. In practical terms, this means that external funders provide the financial resources necessary to sustain technically complex litigation, while litigation strategy, legal argumentation, and procedural decisions remain entirely under the control of the claimant organization and its legal counsel. This separation is crucial because it preserves independence while making expert evidence and specialized legal work economically possible.
This model has been particularly important in standalone litigation, where no prior public enforcement decision exists.
Ius Omnibus has filed numerous actions involving major digital actors such as Google, Meta, Apple, and Sony. In several of these cases, infringement, causation, and damage must be demonstrated through independently developed technical and economic evidence, including reconstruction of data flows, contractual analysis, and economic modelling.
The practical lesson is that effective collective enforcement depends not only on formal procedural standing, but on whether representative entities can realistically sustain highly technical litigation over time.
These institutional conditions also help ensure that what is litigated generates broader legal effects. Cases that proceed successfully often clarify evidentiary standards, disclosure obligations, and substantive interpretation, thereby producing precedents that strengthen future enforcement.
The Path Forward
The experience discussed above shows that several of the structural weaknesses identified in the European framework are not merely theoretical concerns; they directly affect whether collective litigation can be initiated and sustained in practice. Effective private enforcement in digital markets depends on procedural conditions that allow representative entities to act at scale, particularly where harm is diffuse, technically complex, and individually low-value.
In that regard, practical experience suggests that certain elements are especially decisive: the availability of opt-out mechanisms capable of overcoming rational apathy, procedural tools that facilitate access to evidence, and funding structures that make technically demanding litigation economically feasible while preserving the independence of claimant organizations.
At the same time, the current European landscape remains fragmented. The discretion left to Member States under the Representative Actions Directive continues to produce uneven enforcement opportunities, particularly with regard to participation models and litigation financing. This limits the capacity of collective redress to function as a coherent instrument of digital accountability across the Union.
Conclusion
Ultimately, achieving a truly effective digital justice infrastructure requires more than the formal existence of collective redress mechanisms. It requires procedural frameworks that allow qualified entities to confront highly resourced defendants under realistic litigation conditions.
The digital economy increasingly exposes structural limits of individual enforcement: where infringements affect large groups, remain difficult to detect, and generate relatively small individual losses, collective redress becomes not simply desirable but necessary to ensure practical access to justice.
A more coherent European approach, particularly regarding participation regimes, funding conditions, and procedural effectiveness, would strengthen not only compensation mechanisms, but also the broader preventive and precedent-setting role of private enforcement. In that sense, improving collective redress is not only about resolving individual disputes; it is about ensuring that legal accountability remains meaningful in increasingly concentrated digital markets.
Ensuring accountability against dominant digital players is like trying to manage a flood using individual sandbags; collective redress, particularly through harmonized opt-out systems and innovative regulatory approaches, offers the necessary infrastructure, a holistic flood control system, to tackle the problem at scale and dry up the sources of systemic misconduct.
(Photo: Max Harlynking)
