info@yklaw.de
+49 211 9991 9898
Preventive function or empty threat? (2)
2022-06-14 01:47:16
C.
However, neither Art. 82 GDPR nor the recitals provide for a materiality threshold. On the contrary, recital 146 p. 3 speaks of a broad concept of damage. In the past, German case law awarded non-material damages in accordance with Section 8 II BDSG aF only in the case of serious violations of personality. However, the limitation to serious violations is no longer applicable. A limitation to serious violations of personality rights does not correspond to the interpretation required by recital 146 p. 3, in light of the case law of the ECJ, in particular the preventive effect of damages.
Moreover, Art. 82 GDPR is to be interpreted autonomously and not according to a national concept of damage. The restrictive German concept of damage may not be transferred to the European law concept of Art. 82 I GDPR, for which other standards apply. A materiality threshold for the exclusion of mere petty violations, which requires, for example, a special immaterial interest or an objective impairment, ignores the autonomous and expressly broad interpretation of the concept of damage. A comparison with the sanctions of Art. 83 GDPR also speaks against a materiality threshold. If a fine is provided for the infringement, it seems absurd to assume no damage on the part of the data subject. In addition, recital 148 p. 2 of Article 83 of the GDPR indicates that fines may be waived in the case of minor infringements. However, there is no comparable counterpart to Art. 82 I of the GDPR (Bergt, in Kühling/Buchner, DS-GVO BDSG, Art. 82 Rn. 18a).
It should also be noted that the preventive function of damages can no longer be adequately taken into account if too high requirements are placed on the severity and presentation of the impairment for damages. It is typical of data privacy violations that it is difficult for data subjects to prove concrete and objectively verifiable damages, even in the case of drastic violations. As a rule, they will not know whether and how their data have been misused or processed (Korch, NJW 2021, 978 (980).). Recital 75 mentions loss of control of personal data precisely as a possible non-material damage. Even the uncertainty as to whether personal data have been disclosed to unauthorized persons, especially if it cannot be ruled out that they have been used without authorization, can lead to a feeling of being watched or helplessness. This can be accompanied by anxiety and stress, as well as loss of time for remedial action. In addition, the uncertainty prevents data subjects from asserting their rights, for example to information, deletion or objection, which in turn constitutes damage according to Recital 75 (Bergt, in Kühling/Buchner, DS-GVO BDSG, Art. 82 Rn. 18b, 18c).
With regard to the demonstration of the causality of the breach for the damage, it must be taken into account that data subjects regularly have no insight into the processing operations and responsibilities, so that against the backdrop of the principle of effectiveness, this could argue for a facilitation of proof or even a reversal of the burden of proof to the detriment of the damaging party (Bergt, in Kühling/Buchner, DS-GVO BDSG, Art. 82 Rn. 47).
D.
A restrictive interpretation of the concept of damage under European law can only be made by the ECJ. This first requires a referral for a preliminary ruling to the ECJ pursuant to Art. 267 I b TFEU. Pursuant to Art. 267 II TFEU, the national courts of the Member States whose judgment in pending proceedings depends on the ECJ's answer to the question are entitled to make a reference. If such a court is a court of last instance, it is obliged to make a reference pursuant to Art. 267 III TFEU. If the ECJ has already interpreted the European law provision in question or if there is no room for reasonable doubt, there is no referral.
The Federal Constitutional Court made this clear in its decision of 14.01.21 (BVerfG NJW 2021, 1005) when it ruled that the AG Goslar with its judgment (AG Goslar Urt. v. 27.9.2019 - 28 C 7/19) violated the right to the lawful judge under Art. 101 I 2 GG by refraining, as the court of last instance, from a referral to the ECJ in the context of preliminary ruling proceedings. In the proceedings, the question arose under which conditions the claim for monetary damages of Art. 82 I GDPR should be granted. In particular, how the concept of damage, also with regard to the broad interpretation stated in recital 146 S. 3, is to be understood. The district court had exceeded its discretion in a legal question not yet clarified by the ECJ when it arbitrarily assumed a materiality threshold not laid down in the GDPR.
A request for a preliminary ruling concerning questions relating to Art. 82 I of the GDPR was made by the Austrian Supreme Court on 15.04.21(OHG Beschl. v. 15.04.21 - 6Ob35/21x; EuGH C-300/21). Three questions were submitted to the ECJ for decision:
1.Does the award of damages under Art. 82 require, in addition to a breach of provisions of the GDPR, that the plaintiff has suffered damage or is the breach of provisions of the GDPR as such sufficient for the award of damages?
2.Are there further requirements of Union law for the assessment of damages in addition to the principles of effectiveness and equivalence?
3) Is the view compatible with EU law that a precondition for the award of non-material damages is that there is a consequence or consequence of the infringement of at least some weight which goes beyond the annoyance caused by the infringement?
This request is also referred to in the submission of the BAG of 26.08.21(BAG Beschl. v. 26.08.21 - 8 AZR 253/20 (A)), which called on the ECJ, among other things, due to questions regarding Art. 82 I GDPR:
4.Does Art. 82 (1) of the GDPR have a special or general preventive character and must this be taken into account when assessing the amount of non-material damage to be compensated on the basis of Art. 82 (1) of the GDPR at the expense of the controller or processor?
Does the degree of fault on the part of the controller or processor play a role in determining the amount of the non-material damage to be compensated on the basis of Article 82(1) GDPR? In particular, may non-existent or minor fault on the part of the controller or processor be taken into account in its favor?
A decision of the ECJ on these preliminary ruling requests is still pending. We will keep you informed.