CJEU - C-687/21 - Saturn Electro
CJEU - C-687/21 Saturn Electro | |
---|---|
Court: | CJEU |
Jurisdiction: | European Union |
Relevant Law: | Article 2(1) GDPR Article 5(1)(f) GDPR Article 6(1) GDPR Article 82 GDPR |
Decided: | 16.11.2021 |
Parties: | |
Case Number/Name: | C-687/21 Saturn Electro |
European Case Law Identifier: | |
Reference from: | AmG Hagen (Germany) |
Language: | 24 EU Languages |
Original Source: | Judgement |
Initial Contributor: | n/a |
See Holding for questions referred.
English Summary
Facts
Facts pending full decision.
Holding
The District Court of Hagen referred the following questions to the CJEU for a preliminary ruling:
1. As no automatic legal effects are specified, is the compensation rule enacted in Article 82 GDPR invalid in the case of non-material damage?
2. Is it necessary, for the purposes of the right to compensation, to establish the occurrence of non-material damage, to be demonstrated by the claimant, in addition to the unauthorised disclosure of the protected data to an unauthorised third party?
3. Does the accidental disclosure of the personal data of the data subject (name, address, occupation, income, employer) to a third party in a paper document (printout), as the result of a mistake by employees of the processing undertaking, suffice in order to establish infringement of the GDPR?
4. Where the undertaking accidentally discloses, through its employees, data entered in an automated data processing system to an unauthorised third party in the form of a printout, does that accidental disclosure to a third party qualify as unlawful further processing (Article 2(1), Article 5(1)(f), Article 6(1) and Article 24 GDPR)?
5. Is non-material damage within the meaning of Article 82 GDPR incurred even where the third party who received the document containing the personal data did not read the data before returning the document containing the information, or does the discomfort of the person whose personal data were unlawfully disclosed suffice for the purpose of establishing non-material damage within the meaning of Article 82 GDPR, given that every unauthorised disclosure of personal data entails the risk, which cannot be eliminated, that the data might nevertheless have been passed on to any number of people or even misused?
6. Where accidental disclosure to third parties is preventable through better supervision of the undertaking’s helpers and/or better data security arrangements, for example by handling collections separately from contract documentation (especially financing documentation) under separate collection notes or by sending the documentation internally to the collection counter without giving the customer the printed documents and collection note, how serious should the infringement be considered to be (Article 32(1)(b) and (2) and Article 4(7) GDPR)?
7. Is compensation for non-material damage to be regarded as the award of a penalty similar to a contract penalty?
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!