Author: Gülnur Çakmak
Introduction
In its decision regarding Case-300/21 and dated May 4, 2023, the Court of Justice of the European Union (“CJEU”) evaluates the right to compensation for an infringement of the European Union General Data Protection Regulation (“GDPR”) regulated in Article 82 of the GDPR. The CJEU decided that a mere infringement of the GDPR is not sufficient to claim compensation for non-material damage. Instead, the CJEU ruled that (i) damage that has been suffered, (ii) an infringement of the GDPR, and (iii) a causal link between the damage and that infringement must exist. Furthermore, the CJEU states that there is no requirement for the non-material damage suffered to reach a minimum threshold of seriousness and that national courts must apply the domestic rules of each Member State to the extent of financial compensation, provided that the principles of equivalence and effectiveness of EU law are complied with.
Background
The background to the case was the legal dispute of an affected party in Austria against the Austrian postal service (“Österreichische Post AG”). Accordingly, the Österreichische Post AG collected information on the political affinities of the Austrian population. It defined target group addresses using an algorithm that considers various social and demographic criteria. The data thus generated were sold to various organizations, to enable them to send targeted advertising.
