In light of the non-binding opinion ofThe Solicitor General of the Court of Justice of the European Union (CJEU), Europeans will receive little compensation for violations of their rights under the General Data Protection Regulation, according to privacy campaigners.
Under the opinion issued last week, Europeans will only be compensated for minimal violations of their rights under the General Data Protection Regulation (GDPR). However, this provides for a claim for compensation for non-material damage.
“GDPR has significant flaws in implementation. At the same time, the purpose of the notice appears to be to protect the industry from any enforcement of the regulations. This is a very problematic approach on the part of the Court of JusticeMax Schrams, attorney and privacy advocate, said in a statement Thursday (October 13).
This opinion was issued in response to a case in Austria in which the national postal service illegally took into account the political affiliation of millions of Austrians, thus violating the General Data Protection Regulation (GDPR). Names, addresses, and dates of birth were used as base data for their algorithm.
In October 2019, the Austrian Data Protection Authority fined the Austrian Postal Service €18 million for violating the General Data Protection Regulation (GDPR) after using these personal data sets to provide marketing services to various political parties for political propaganda purposes.
A Vienna prosecutor, who was linked to the far-right Austrian Freedom Party (FPÖ), also sued the postal service through its algorithm for immaterial damages, claiming €1,000 for his anger, loss of confidence, and a sense of exposure. He said his association with the right-wing party was insulting, shameful and damaging to his reputation.
The first and second instance courts dismissed his claims, claiming that the embarrassment and inconvenience were less than the threshold for entitlement to compensation.
The Austrian Supreme Court then appealed to the Court of Justice of the European Union, questioning whether the award of moral damages can be restricted if the plaintiff’s anger does not go beyond that related to the violation of rights under the General Data Protection Regulation (GDPR).
That definition would include all kinds of outrage caused by a GDPR violation, says the non-profit organization noyb, founded by Austria-based Max Schrems. Therefore, intangible compensation will not be awarded for violations of the General Data Protection Regulation (GDPR).
This issue is very worrying. If the opinion of the Austrian Supreme Court and the attorney general prevails, then most users will never again see reparations for violations of the GDPR”Max Shrems said.
Although the notice mentions options other than damages, such as declarations, nominal damages, or injunctions, for an NGO noyb, this means that claimants must invest only to receive written confirmation that they are justified. This attitude would discourage them from filing a complaint.
The notice appears to allow EU countries to create their own thresholds that may limit compensation for non-physical damages under the GDPR, leading to fragmentation across the block. However, even in this particular case, the opinion does not make it possible to know whether the plaintiff should be compensated or not.