A recent ECJ ruling on the right to compensation due to GDPR infringement has clarified that individuals have the right to seek compensation for non-material damage.
A recent ruling from the European Court of Justice (ECJ) has determined that individuals have the right to compensation for non-material damage as a result of GDPR violations. However, while compensation can be claimed for material as well as non material damage,not every infringement of the GDPR gives rise to a right to compensation. A case was brought by an Austrian privacy activist who argued that the unconsented processing of his data resulted in conclusions about his political affiliation. The citizen in question has claimed that this resulted in non-material damage, and is seeking 1000 euros in compensation. The court’s ruling has clarified that individuals have the right to seek compensation for non-material damage, such as emotional distress, as a result of GDPR violations.
This ECJ ruling has confirmed that individuals may be entitled to compensation for damage, including non-financial harm.
The ruling is significant because it clarifies the scope of the GDPR’s right to compensation. The GDPR includes provisions for compensation for both material and non-material damage, but until now it was unclear whether this included non-financial harm. The court’s ruling confirms that individuals have the right to seek compensation for non-material damage, which could include emotional distress, reputational harm, or other forms of non-financial harm. It is likely to have significant implications for businesses and organizations that collect, store, and process personal data. The GDPR imposes strict obligations on data controllers and processors to protect individuals’ personal data and provides for significant fines for non-compliance. This ruling means that businesses and organizations may now face additional claims for compensation from individuals who have suffered non-material damage as a result of GDPR violations.
While individuals may seek compensation for non-material damage, this must be causal damage that is deemed serious enough to warrant compensation.
This ECJ ruling also highlights the growing importance of protecting individuals’ personal data and the need for businesses and organizations to take data protection seriously. The GDPR is designed to give individuals greater control over their personal data and to provide them with stronger rights to protect their privacy. The court’s ruling reinforces those principles and highlights the importance of GDPR compliance. While not every GDPR infringement may result in a right to compensation, a causal link between an infringement and material damages or sufficiently serious non-material damages, will give rise to the right to compensation. Additionally, because the GDPR does not outline how damages are to be assessed, the assessment of non-material damages and whether they are sufficiently serious to warrant compensation will be determined by individual member states. This recent ruling is a significant development in the regulation of data protection and privacy in the EU and is likely to have significant implications for data controllers and processors in the EU.