The European Union’s top court made significant rulings related to data protection, reported TechCrunch.
There are two cases being addressed: one focuses on compensating for GDPR breaches, while the other explains what information individuals should expect to receive when exercising GDPR rights to access their data.
The CJEU’s ruling on GDPR compensation pertains specifically from a case referred by an Austrian court, wherein an individual sought legal action against the national postal service for utilizing an algorithm that predicted the political views of citizens based on socio-demographic criteria without their consent or knowledge. As a result, the individual felt vulnerable, distressed and suffered a loss of confidence, according to the Court’s official press release.
There have been attempts to bring class action-style suits for data protection breaches, seeking compensation for regional damages to privacy violations. The CJEU ruling may facilitate these claims within the EU, but there is a limit since the court has ruled that an infringement of the GDPR does not automatically guarantee a right to compensation. Therefore, litigants must demonstrate personal damage to pursue legal action.
The CJEU has ruled that compensation can be granted for nonmaterial damages without requiring a certain level of severity.