European Court: Not Every Violation of GDPR Legislation Entitles You to Compensation
Not every violation of the European General Data Protection Regulation (the well-known GDPR legislation) entitles you to compensation. The European Court of Justice stated this in a new judgment on Thursday.
The GDPR identifies how companies and organizations can collect, store and manage personal data. Violations of that legislation, which has been applicable since 2018, do give a right to compensation, but only if three conditions are met, the Court makes clear. First, there must be a clear breach of the GDPR itself; that breach must have led to material or immaterial damage and a causal link between the damage and the breach.
If an injured party is entitled to compensation, the Court also says it is up to the competent national data protection authority to determine this.
The judges in Luxembourg thus ruled on an Austrian case. A citizen is demanding damages of 1,000 euros from Österreichische Post because the postal company has processed his data to deduce that he has a great affinity with a specific political party. However, this data was not passed on to third parties.
In another case, also pending in Austria, the Court defines the conditions for the “copy” that a data subject can request of his personal data when they are kept. The right to obtain such a copy means that he must be able to obtain a “faithful and intelligible reproduction” of his data, it reads.