Member-only story
The issue of whether GDPR damages can be claimed if there is no harm, is on its way from Austria to the CJEU. Suzanne Vergnolle brough this to my attention in a twitter thread. I have discovered that the critical piece of law,
Article 82.1 of the GDPR (‘Right to compensation and liability’) states: ‘Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered.’
I was always taught that a breach of rights is a damage, however, the ruling from the Advocate General disagrees, stating,
The law “is to be interpreted as meaning that for the purposes of the award of compensation for damage suffered by a person as a result of an infringement of that regulation, a mere infringement of the provision is not in itself sufficient if that infringement is not accompanied by the relevant material or non-material damage.”
While the CJEU no longer has jurisdiction in the UK, there’s several organisations that will be breathing easier. Obviously it depends on the Court itself, and the ruling still allows pursuit through the national DPAs. In the UK, the route to case law precedent is exclusively via the UK Courts which will interpret the Data Protection Act 2018 as updated. The DPA 2018 says…
