The European Court of Justice says there is no minimum for non-material damages for violations of GDPR rules. The statement is a setback for many tech companies.
GDPR legislation was introduced in 2018. Since then, almost every website has featured a cookie statement on the first visit. Companies must clearly state that they want to collect data from a user and ask for consent. Many online platforms have received hefty fines for violating these regulations. Now the law appears to be even heftier than the tech industry seems to have expected.
Limit
While there is no minimum for filing a claim for damages, the EU Court states that a violation of GDPR rules will not immediately result in compensation. Ultimately, each member state may independently determine how serious a GDPR breach is and whether an alleged victim is entitled to a compensation claim.
The court makes the ruling based on an Austrian request. A German lawyer was angry about a GDPR breach that would have unfairly labeled him as a right-wing politician. The Gerichtshof in Vienna therefore suggested defining a minimum on an EU basis, but the European Court is refraining from doing so.
Lawyer Peter Church of London-based Linklaters LLP told The Register that the court ruling is likely to worry many companies. “This could open the way for not only frivolous or vexatious claims, but also large class actions in the event of, for example, a data breach.”