CJEU - C-687/21 - Saturn Electro

Court: CJEU
Jurisdiction: European Union
Relevant Law: Article 2(1) GDPR
Article 5(1)(f) GDPR
Article 6(1) GDPR
Article 82 GDPR
Decided: 16.11.2021
Case Number/Name: C-687/21 Saturn Electro
European Case Law Identifier:
Reference from: AmG Hagen (Germany)
Language: 24 EU Languages
Original Source: Judgement
Initial Contributor: n/a

See Holding for questions referred.

English Summary


Facts pending full decision.


The District Court of Hagen referred the following questions to the CJEU for a preliminary ruling:

1. As no automatic legal effects are specified, is the compensation rule enacted in Article 82 GDPR invalid in the case of non-material damage?

2. Is it necessary, for the purposes of the right to compensation, to establish the occurrence of non-material damage, to be demonstrated by the claimant, in addition to the unauthorised disclosure of the protected data to an unauthorised third party?

3. Does the accidental disclosure of the personal data of the data subject (name, address, occupation, income, employer) to a third party in a paper document (printout), as the result of a mistake by employees of the processing undertaking, suffice in order to establish infringement of the GDPR?

4. Where the undertaking accidentally discloses, through its employees, data entered in an automated data processing system to an unauthorised third party in the form of a printout, does that accidental disclosure to a third party qualify as unlawful further processing (Article 2(1), Article 5(1)(f), Article 6(1) and Article 24 GDPR)?

5. Is non-material damage within the meaning of Article 82 GDPR incurred even where the third party who received the document containing the personal data did not read the data before returning the document containing the information, or does the discomfort of the person whose personal data were unlawfully disclosed suffice for the purpose of establishing non-material damage within the meaning of Article 82 GDPR, given that every unauthorised disclosure of personal data entails the risk, which cannot be eliminated, that the data might nevertheless have been passed on to any number of people or even misused?

6. Where accidental disclosure to third parties is preventable through better supervision of the undertaking’s helpers and/or better data security arrangements, for example by handling collections separately from contract documentation (especially financing documentation) under separate collection notes or by sending the documentation internally to the collection counter without giving the customer the printed documents and collection note, how serious should the infringement be considered to be (Article 32(1)(b) and (2) and Article 4(7) GDPR)?

7. Is compensation for non-material damage to be regarded as the award of a penalty similar to a contract penalty?

