European Court: GDPR does not require a damage threshold for damages

The Court of Justice of the European Union has ruled that a ‘threshold’ of seriousness of a breach of the GDPR is not necessary to bring a claim to court. Also, procedures regarding the AVG, or GDPR, may not be more complex than similar procedures.

That the Court of Justice of the European Union rules in a case referred from Austria’s highest court. It concerns a case between an Austrian citizen and the national postal service of the country. The Österreichische Post has been collecting information on the political orientation of the population since 2017. It did this with an algorithm, based on social and demographic criteria. The result was a so-called ‘address of a target group’.

A man, who had not consented to the processing of his personal data, was attributed an affinity with an extreme right-wing party. He states in his complaint that this made him very angry, he felt embarrassed and this caused him to lose his confidence. He went to court and demanded compensation of 1000 euros for immaterial injuries.

The Austrian court referred to the European Court, asking whether there is not a certain threshold of seriousness that must be exceeded before a GDPR claim can be filed. The court has now ruled that this is not the case. The Court also ruled that national courts should not make the process for a GDPR claim more complicated than other claims.

Austrian privacy activist Max Schrems is happy with the verdict. According to him, many AVG cases are rejected because of too small an amount of damage. “An entire industry tried to reinterpret the GDPR to avoid paying compensation to users whose rights they violated. This seems to be rejected. We are very happy with the result.”