• Blog
  • Court of Justice Confirms No "Threshold" for GDPR Damages

Court of Justice Confirms No "Threshold" for GDPR Damages

Simon Coulthard May 04, 2023

 

Quick Summary of the Ruling

  • The CJEU confirmed that there is no minimum amount of damages required for violations of the GDPR.
  • The CJEU clarified that users have a right to compensation when their personal data is illegally processed, subject to the typical requirements for any damages claim.
  • Some members of the German legal community wanted to limit GDPR enforcement, but the CJEU rejected this view.
  • The CJEU stated that national GDPR procedures should be as simple as other national court claims and that other non-material claims should be treated similarly.
  • The case involved the Austrian Postal Service processing data on probable political leanings of millions of people, and the claimant demanded compensation for the illegal processing of their data.

Ruling Impacts on Companies & Solutions Explained

The Court of Justice of the European Union (CJEU) recently issued a landmark ruling on emotional damages under the General Data Protection Regulation (GDPR), confirming that users have a right to compensation when their personal data is illegally processed.

The ruling emphasizes the importance of data privacy and the need for tech solutions that are GDPR compliant, such as TWIPLA.

One key aspect of the CJEU decision is the confirmation that the GDPR does not require a "threshold" for damages. This is contrary to the view held by some members of the German legal community, who have sought to limit GDPR enforcement by implementing a threshold for GDPR claims. However, the CJEU has rejected this view and affirmed that users have a right to compensation for any violation of their GDPR rights.

The CJEU ruling also highlights the typical requirements for any damages claim, including a violation, damages, and causation. While the CJEU notes that there is no claim without actual damage, this does not come as a surprise.

The ruling affirms the right of users to compensation when their personal data is illegally processed, subject to the typical requirements for any damages claim.

The CJEU decision arose from a case involving the Austrian Postal Service, which generated statistics about probable political leanings of millions of people. The claimant was assigned a likely interest in the far-right "Freedom Party," but it was unclear if this information was ever disclosed to a third party since the complainant was on an Austrian opt-out list for postal advertising. The claimant demanded compensation for the illegal processing of their data, and the Austrian Supreme Court referred the case to the CJEU for a decision.
 

Remove the Risk with Privacy-first Website Analytics

The CJEU's ruling highlights the need for tech solutions that are GDPR compliant, such as TWIPLA.

TWIPLA is a privacy-friendly analytics platform that enables website owners to monitor their website traffic without compromising their visitors' data privacy.

With TWIPLA, website owners can protect their visitors' data privacy while still gaining valuable insights into their website's performance.

With Google's Universal Analytics sunsetting in a matter of weeks, there is no better time to jump ship and mitigate the high risk of continuing to use a non-compliant solution. 

What's more, those that do decide to move to TWIPLA can also save lots of money on their martech stack by also accessing heatmaps, session recordings, polls, surveys, and more. All within one platform and at one highly competitive price. 

Get Started for Free

Gain World-Class Insights & Offer Innovative Privacy & Security

up-arrow.svg