A PYMNTS Company

Europe’s High Court Outlines GDPR Compensation & Data Rights

By  |  May 8, 2023

The European Union’s top court made significant rulings related to data protection, reported TechCrunch. 

    Get the Full Story

    Complete the form to unlock this article and enjoy unlimited free access to all PYMNTS content — no additional logins required.

    yesSubscribe to our daily newsletter, PYMNTS Today.

    By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions.

    There are two cases being addressed: one focuses on compensating for GDPR breaches, while the other explains what information individuals should expect to receive when exercising GDPR rights to access their data.

    The CJEU’s ruling on GDPR compensation pertains specifically from a case referred by an Austrian court, wherein an individual sought legal action against the national postal service for utilizing an algorithm that predicted the political views of citizens based on socio-demographic criteria without their consent or knowledge. As a result, the individual felt vulnerable, distressed and suffered a loss of confidence, according to the Court’s official press release.

    Read more: My Data = Your Data? How the EU Data Act May Influence IoT and Cloud Offerings in the European Union and Beyond

    There have been attempts to bring class action-style suits for data protection breaches, seeking compensation for regional damages to privacy violations. The CJEU ruling may facilitate these claims within the EU, but there is a limit since the court has ruled that an infringement of the GDPR does not automatically guarantee a right to compensation. Therefore, litigants must demonstrate personal damage to pursue legal action.

    The CJEU has ruled that compensation can be granted for nonmaterial damages without requiring a certain level of severity.