Data protection and compensation

The provisions of the GDPR are much debated by national courts in Europe and often interpreted or applied differently due to judicial independence. In case of doubt, legal clarity in the interpretation of the provisions can only be provided by the statutory judge, namely the European Court of Justice. This is intended to ensure uniform application of European law.

The Advocates General at the European Court of Justice support the highest court in Europe through advisory opinions (Opinions).

In the Opinion on Case C-300/21 published on 06/10/2022, the Advocate General Campos Sánchez-Bordona at the Court of Justice of the European Union (CJEU) now specified the requirements of Article 82 GDPR. He interprets the GDPR to the effect that damages are required for the application of Art. 82 GDPR; the mere infringement of the provisions of the GDPR, however, does not give rise to a claim for damages. 

Rather, the plaintiff would have to demonstrate and prove (substantial) material and/or immaterial damage. 

"Annoyance" about a violation of the GDPR is not sufficient for the assumption of non-material damage.

The reference for a preliminary ruling is based on proceedings before the Austrian Supreme Court in which a plaintiff is seeking an amount of EUR 1,000 from Österreichische Post AG to compensate for his non-material damage. The claim for damages is based on the fact that, since 2017, Österreichische Post AG has been collecting information on the party affinities of the Austrian population without the consent of the persons concerned in order to identify target groups for election advertising of various political parties. The plaintiff argues that the political affinity attributed to him is insulting, shameful and damaging to his credit. Austrian Post's behavior caused him great annoyance, a loss of trust, and a feeling of being exposed.

On 12/05/2021, the Supreme Court (Austria) referred the following three questions to the CJEU for a preliminary ruling on the interpretation of Article 82 (1) GDPR with regard to the requirements for non-material damages and the compatibility of a "materiality threshold" with the EU principles of effectiveness and equivalence and the full harmonization principle:

In his opinion on 06/10/2022, the Advocate General commented on the questions referred as follows:

For a claim for damages to arise, the Advocate General requires that the data subject must have suffered damage. He justifies this in particular with the wording of Art. 82 (1) GDPR. Without damage, compensation would rather be equivalent to a sanction and would no longer fulfill the function of compensation. 

However, the purpose of the civil liability of the controller is to provide satisfaction to the data subject through full and effective compensation for the damage caused to him (recital 146). At the same time, it is up to the supervisory authorities to impose sanctions on the responsible party. 

This system of separation of (private) compensation and (public) sanction was already found in the predecessor provision of Directive 95/46 and, in the opinion of the Advocate General, was also adopted in the GDPR.

According to the Advocate General, the principles of equivalence and effectiveness in view of the full harmonization by Art. 82 GDPR "do not play a significant role" for the assessment of non-material damages. The calculation and determination of the amount of damages remains the responsibility of the national courts - Art. 82 GDPR, however, does not contain any requirements for the calculation of damages.

Although Article 82 of the GDPR does not contain a materiality threshold according to its wording, the Advocate General nevertheless sees the need for such a materiality threshold and bases his assumption on recitals 75 and 85. He argues that compensation payments by the legislator are precisely limited to "significant" disadvantages. Temporary and weak negative feelings such as anger would accordingly not be compensable. 

However, the damage also does not lie in the loss of control of the personal data. It was up to the affected parties to prove immaterial damage in addition to material damage. However, it would be up to the national courts to determine when the threshold for compensable damage had been crossed. However, he himself acknowledges that this threshold is blurred.

Although the CJEU often follows the Advocate General's Opinion, it can be predicted that this is unlikely in the present case. Although the Advocate General interpreted the provisions systematically and methodologically in his reasoning, this interpretation is not likely to have focused on the purpose of the GDPR, but rather on the attempt to correct or minimize risks in order to protect the economy. 

The European Court of Justice, on the other hand, has recently rather demonstrated that data protection and, in particular, the processing of personal data are placed under special protection.

Should the CJEU nevertheless follow the Opinion, the national courts would have to work out categories as to when a subjective feeling can be assessed as non-material damage in an individual case. 

This would not only result in inconsistencies in European case law, but would also likely contradict the general preventive approach of the GDPR: