GDPR Compensation: Some Welcome Clarity From The CJEU

AC
Arthur Cox

Contributor

Arthur Cox is one of Ireland’s leading law firms. For almost 100 years, we have been at the forefront of developments in the legal profession in Ireland. Our practice encompasses all aspects of corporate and business law. The firm has offices in Dublin, Belfast, London, New York and Silicon Valley.
The Court of Justice of the European Union (the "CJEU") has issued a decision on the requirements to fulfil a damages claim under Article 82 GDPR.
European Union Privacy
To print this article, all you need is to be registered or login on Mondaq.com.

The Court of Justice of the European Union (the "CJEU") has issued a decision on the requirements to fulfil a damages claim under Article 82 GDPR. The Court found that mere infringement of the GDPR does not give a right to compensation but that there is no requirement for non-material damage suffered to reach a certain threshold of seriousness in order to confer a right to compensation.

The court set out three cumulative conditions to establish a claim for compensation under Article 82 GDPR:

An infringement of the GDPR;

Material or non-material damage resulting from that infringement; and

A causal link between the damage suffered and the infringement in question.

As noted above, the CJEU confirmed that not every infringement of the GDPR will give rise to a right to compensation. The Court noted that Articles 77 and 78 GDPR provide for legal remedies before or against a supervisory authority, without the requirement for damage to have been suffered. This is indicative of the specific nature of Article 82 as a compensatory mechanism under the GDPR. The Court noted that the compensation based on Article 82 GDPR must be "full and effective".

The Court also held that the right to compensation under Article 82 GDPR is not limited to non-material damage which reaches a certain threshold of seriousness. The Court found that making compensation for non-material damage subject to such a threshold would risk undermining the coherence of the rules established by the GDPR.

The CJEU confirmed that the GDPR does not contain any rules by which damages should be determined and it will be a matter for the courts of each member state to determine the extent of financial compensation, as well as the criteria for determining the extent of compensation in the relevant context provided that the EU law principles of equivalence and effectiveness are complied with.

It cannot be held that any infringement of the provisions of the GDPR by itself, confers that right to compensation on the data subject

https://curia.europa.eu/juris/document/document.jsf?text=

This article contains a general summary of developments and is not a complete or definitive statement of the law. Specific legal advice should be obtained where appropriate.

See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More