Because of the rigorous “piercing the corporate veil” standard in the U.S. and the E.U., private equity (PE) sponsors have been protected, absent extreme examples, from liability for actions by their portfolio companies. It is well settled, however, that there is a lower bar for parents to be fined for their subsidiaries’ breaches of E.U. competition law and the General Data Protection Regulation (GDPR). The scope of this potential risk has been unknown, however, due to uncertainty whether this lower parental liability standard extends to civil claims for damages related to these same data-protection or antitrust violations. For more on previous antitrust claims in the PE industry, see “Federal Antitrust Suit Against Ten Prominent Private Equity Firms Based on Allegations of ‘Club Etiquette’ Not to Jump Announced Deals Survives Summary Judgment Motion” (Apr. 11, 2013). The European Court of Justice (ECJ) recently ruled on this issue and found that parent companies can also be subject to direct civil claims for damages caused by E.U. antitrust violations. This is a salient risk because the GDPR shares the same parental liability formulation, greatly enhancing the potential exposure faced by PE sponsors in Europe. The decision crystallizes a risk to PE sponsors that had not previously been considered likely or imminent within the PE industry. This article explores the background to the ECJ case and examines the court’s analysis. See our two-part series on the GDPR: “Impact” (Feb. 21, 2019); and “Compliance” (Feb. 28, 2019).