CJEU case-law

The Court of Justice of the European Union (CJEU) ruled in Case C-590/22 PS, determining that mere infringement of GDPR is insufficient for compensation under Article 82(1). Claimants must demonstrate actual non-material damage, though it need not reach a specific severity. Fear of data disclosure can justify compensation if proven. The criteria for fines in Article 83 do not apply to damage awards, and compensation does not need to consider national law breaches not specifying GDPR rules.

CJEU Ruling on Compensation for Non-Material Damages based on fear [Case C-590/22 PS]

CJEU, Enforcement, EU law, GDPR |

The Court of Justice of the European Union (CJEU) ruled in Case C-590/22 PS, determining that mere infringement of GDPR is insufficient for compensation under Article 82(1). Claimants must demonstrate actual non-material damage, though it need not reach a specific severity. Fear of data disclosure can justify compensation if proven. The criteria for fines in Article 83 do not apply to damage awards, and compensation does not need to consider national law breaches not specifying GDPR rules.

CJEU Ruling on Compensation for Non-Material Damages based on fear [Case C-590/22 PS] Read More »

The Court of Justice of the European Union ruled in merged cases C-182/22 and C-189/22 Scalable Capital, addressing compensation for non-material damage under GDPR Article 82(1) due to theft of personal data. The court clarified that compensation to individuals is purely compensatory, not punitive, and the severity of GDPR infringements by controllers is irrelevant for compensation purposes. The court emphasized that data breaches causing non-material damage are significant and may warrant minimal compensation even if not serious, provided they fully address the harm suffered.

CJEU Ruling on Compensation for Data Breach [C-182/22 and C-189/22 Scalable Capital]

CJEU, Enforcement, EU law, GDPR |

The Court of Justice of the European Union ruled in merged cases C-182/22 and C-189/22 Scalable Capital, addressing compensation for non-material damage under GDPR Article 82(1) due to theft of personal data. The court clarified that compensation to individuals is purely compensatory, not punitive, and the severity of GDPR infringements by controllers is irrelevant for compensation purposes. The court emphasized that data breaches causing non-material damage are significant and may warrant minimal compensation even if not serious, provided they fully address the harm suffered.

CJEU Ruling on Compensation for Data Breach [C-182/22 and C-189/22 Scalable Capital] Read More »

The Privacy Explorer | Week 18

The Privacy Explorer |

Welcome to the privacy news recap for week 18 of 2024!

In this edition:
📱US Federal Communications Commission (FCC) Imposes Heavy Fines on Major US Carriers for Illegal Data Sharing Practices;

🤖 OpenAI’s GDPR Compliance Faces New Challenge In Europe;

👥 EU Commission Initiates Formal Proceedings Against Meta for Possible Digital Services Act Violations;

📄 Norwegian Data Protection Authority publishes annual report for 2023;

⚖️ CJEU Rules on Data Retention and Privacy in Copyright Enforcement Case (C-470/21 La Quadrature du Net and Others);

⚖️ CJEU Ruling on Data Access for Crime Investigation Under the ePrivacy Directive (C‑178/22);

🛡️ NIST publishes Cyber Security Framework 2.0 small business guide;

📥 Dutch DPA publishes guidelines on data scraping and considers it “mostly illegal”;

👁️ Dutch DPA publishes general framework for facial recognition;

📝 UK ICO launches tool to help create privacy notices;

🏛️ OECD Updates AI Principles.

The Privacy Explorer | Week 18 Read More »

Scroll to Top