December 14, 2023 Privacy

Article 82 GDPR acts as a barrier to national laws that establish a minimum level of harm (de minimis threshold) required for claiming compensation for non-material damages arising from a data protection violation

The Court of Justice of the European Union issued a judgment in the case of Gemeinde Ummendorf (C-456/22), which addressed the interpretation of Article 82(1) of the General Data Protection Regulation. The case involved a dispute over the Municipality of Ummendorf’s unauthorized online publication of a council meeting agenda with the applicants’ names and an administrative court judgment revealing their full addresses. The applicants argued that this was a violation of GDPR and sought compensation for non-material damage. The key question was whether there should be a “de minimis threshold” for non-material damages under Article 82(1) GDPR. The CJEU ruled against such a threshold, stating that individuals could seek compensation for any damage, both material and non-material, resulting from GDPR infringements without the need to meet a specific level of harm.

The Court reaffirmed its three-pronged test for compensation under Article 82: the existence of damage, its actual suffering, and a causal link between the infringement and the damage. The judgment emphasized that a mere GDPR infringement does not automatically result in compensation; data subjects must show they experienced actual, non-trivial harm. This ruling enhances the ability of individuals to seek redress for data breaches that cause non-material damage, strengthening data subject rights within the EU.