CJEU - C‑456/22 - Gemeinde Ummendorf: Difference between revisions
No edit summary |
No edit summary |
||
Line 53: | Line 53: | ||
=== Holding === | === Holding === | ||
The CJEU decided that Article 82(1) GDPR | The CJEU decided that Article 82(1) GDPR has its own definition under EU Law and that this definition overrides national legislation. Other conditions for establishing liability, such as in this case the tangible nature of the damage or the objective nature of the infringement, cannot be added. | ||
First, | First, non-material damages under the GDPR require three cumilative conditions (para 14). The existence of the infringement of the regulation, damage that has been suffered and a causal link between that damage and infringement. | ||
Second, Article 82(1) GDPR does not reference national law which means that a member state's definitions of non-material damages beyond these three requirements is irrelevant (para15). | |||
Third, it follows that if there is a proven infringement under the three conditions referenced above, there is no ''deminimis'' threshold that a data subject must reach for the damage to be capable of compensation. This interpretation is surported by both recital 146 GDPR which states that the concept of damage must be interpreted broadly and the case [[C-300/21 Österreichische Post AG]] which ruled that there is no threshold in the context of non-material damages for a data subject to receive compensation. It would be contra the regulation and case law for the court to rule that non-material damages should now be limited to seriousness of the harm or the duration of the infringement. | |||
Last, having said the above, the mere infringement of the GDPR is insufficient for compensation (para 21. and also see [[C-300/21 Österreichische Post AG]] and [[CJEU - C‑340/21 - Natsionalna agentsia za prihodite]]). This is because it is only one of the three conditions required for non-material damages as damage must also have been suffered. While the court acknowledges that they have defined this broadly (para 22.), data subjects must still demonstrate that they have suffered actual damage, however minimal this damage is. | |||
== Comment == | == Comment == |
Revision as of 08:52, 31 January 2024
CJEU - Case C‑456/22 Gemeinde Ummendorf | |
---|---|
Court: | CJEU |
Jurisdiction: | European Union |
Relevant Law: | Article 82(1) GDPR |
Decided: | |
Parties: | |
Case Number/Name: | Case C‑456/22 Gemeinde Ummendorf |
European Case Law Identifier: | ECLI:EU:C:2023:988 |
Reference from: | |
Language: | 24 EU Languages |
Original Source: | Judgement |
Initial Contributor: | n/a |
The CJEU decided that Article 82(1) GDPR precludes national legislation or practice which sets a deminimis threshold to establish non-material damages under the GDPR.
English Summary
Facts
In June 2020 the Municipality of Ummendorf published meeting minutes and judgement by the Administrative Court of Sigmaringen on their website. The meeting minutes contained the names of a data subject and the judgement their names and address of domocile. Interestingly, the names of the other parties within the judgement had already been redacted by the municipality before uploading it to their website.
The Data subject claimed damages under Article 82(1) GDPR and argued that no deminimis threshold should be applied. The DPA argued that Article 82(1) requires proof of noticeable disadvatnage and objective comprehensible impairment of personal interests. For a non-material damage to exist, the deminimis threshold must be exceeded.
The case was appealed to the Ravensburg Regional Court who reffered one question to the CJEU:
1) Does Article 82(1) GDPR require noticeable disadvantage and comprehensible impairment of personal interests from the data subjest, or is the mere short-term loss of control over their personal data for a few days which did not have a noticeable consequence sufficient for non-material damages?
Holding
The CJEU decided that Article 82(1) GDPR has its own definition under EU Law and that this definition overrides national legislation. Other conditions for establishing liability, such as in this case the tangible nature of the damage or the objective nature of the infringement, cannot be added.
First, non-material damages under the GDPR require three cumilative conditions (para 14). The existence of the infringement of the regulation, damage that has been suffered and a causal link between that damage and infringement.
Second, Article 82(1) GDPR does not reference national law which means that a member state's definitions of non-material damages beyond these three requirements is irrelevant (para15).
Third, it follows that if there is a proven infringement under the three conditions referenced above, there is no deminimis threshold that a data subject must reach for the damage to be capable of compensation. This interpretation is surported by both recital 146 GDPR which states that the concept of damage must be interpreted broadly and the case C-300/21 Österreichische Post AG which ruled that there is no threshold in the context of non-material damages for a data subject to receive compensation. It would be contra the regulation and case law for the court to rule that non-material damages should now be limited to seriousness of the harm or the duration of the infringement.
Last, having said the above, the mere infringement of the GDPR is insufficient for compensation (para 21. and also see C-300/21 Österreichische Post AG and CJEU - C‑340/21 - Natsionalna agentsia za prihodite). This is because it is only one of the three conditions required for non-material damages as damage must also have been suffered. While the court acknowledges that they have defined this broadly (para 22.), data subjects must still demonstrate that they have suffered actual damage, however minimal this damage is.
Comment
h
Further Resources
Share blogs or news articles here!