© focus finder / Adobe Stock
Everyone knows them, the annoying advertising emails from online shops or services that you have subscribed to at some point for a voucher or even completely unintentionally. But even reputable providers like the legal research service Juris can apparently drive their customers crazy with advertising. A lawyer is currently defending himself in proceedings before the Saarbrücken Regional Court against advertising letters from the database operator and the storage of his data for this purpose. Now the ECJ also had to take action on the matter following a submission from the LG (judgment of April 11, 2024 – C-741/21).
The lawyer learned that Juris stored his personal data not only to send the newsletters he had ordered, but also for advertising purposes. He then revoked all previously given consent and objected to any processing of his data for advertising purposes. Nevertheless, he repeatedly received letters from Juris in which an individual ten-digit character string was printed. This could then be entered on the Juris website, whereupon an order form appeared containing personal information about the man.
The lawyer therefore once again informed Juris in writing of his objection to any advertising. In addition, by continuing to create advertising letters using the data, the company processed this data unlawfully. For this he is entitled to compensation in accordance with Art. 82 GDPR to. If he had thought that no more advertising letters would arrive after this legal threat, he would have been mistaken: he continued to receive mail from Juris, whereupon he had his objection served by bailiff. He also commissioned a notary who opened the order form together with him to confirm that it actually contained personal data.
Is unauthorized advertising mail compensable damage?
In addition to reimbursement of the notary and bailiff costs, he is now demanding compensation from the Saarbrücken Regional Court, which he believes he is entitled to due to the unlawful processing of his data. This raises the exciting question of whether data processing that violates the GDPR actually represents immaterial damage that can be compensated. The LG then submitted this to the ECJ for a preliminary ruling.
In this regard, the ECJ makes it clear that Art. 82 GDPR, which awards compensation to any person who “has suffered material or immaterial damage as a result of a violation of this regulation”, is hereby based on specific damage. Those affected would also have to prove this. The mere violation of subjective rights under the GDPR is therefore not enough. Nevertheless, the “loss of control” over one’s own data, which the plaintiff’s lawyer uses as justification in the main proceedings, can be such a damaging position, as the Court has now stated. This one is in 85. Recital of the GDPR expressly mentions damage that could be caused by a breach of personal data.
Companies cannot excuse themselves by claiming that employees are at fault
Furthermore, the LG wanted to know whether the objection that Juris raised in the proceedings, according to which an employee might be responsible for the unlawful data processing, was even valid. In other words: whether a company can be exculpated because employees have caused damage contrary to their instructions. The Luxembourg judges now clearly denied this. Ultimately, according to their argument, the claim for damages would practically lose meaning if companies could always evade responsibility by citing employees who acted in violation of the regulations.
Finally, the LG also asked the ECJ how a claim for damages should be assessed if – as here – several violations occurred at the expense of the same person in the same data processing operation. In this regard, the Court pointed out that Art. 82 GDPR does not have a punitive function, but rather a compensatory one, which means that it is not important whether the person responsible has committed multiple violations against the same person, but rather only the specific damage suffered by that person.
ECJ, judgment of April 11, 2024 – C-741/21
Editorial team beck-aktuell, Maximilian Amos, April 12, 2024.