Opening of Jurisprudence in the Area of Non-Material Damages: New Standards Set by the Federal Court of Justice
With its decision of 19.11.2024 (Case No.: VI ZR 1024/22), the Federal Court of Justice (BGH) has taken a remarkable step in copyright and data protection case law. The judges at the BGH introduced a nuanced reassessment of the requirements under which affected parties can claim non-material damages. The decision clarifies the standard for compensation of non-material damages in cases of violations of Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR) and carries significant implications for legal protection in data privacy matters.
Starting Point: Facts and Reason for the Decision
The BGH had to decide on the lawsuit of an individual who sought compensation for the publication of her personal data without lawful basis. The case was based on the processing of personal information without effective consent or any other statutory permission. The claimant argued that her rights under the GDPR had been infringed by the unauthorized data processing and that she had suffered a non-material disadvantage—i.e., an impairment without tangible financial loss.
Previous Case Law and Its Challenges
In previous years, it was common jurisprudence to require significant proof of so-called ‘non-material damages’ as per Art. 82 GDPR. For instance, affected individuals were expected to specify what concrete impairments—beyond mere uncertainty—had occurred. Consequently, many courts set a high bar for awarding compensation.
The New Standard of the BGH
Eased Requirements for Demonstrating Damage
In its recent decision, the BGH has considerably lowered this barrier. The judges stated that loss of control over one’s own data, discomfort, or uncertainty resulting from unlawful processing of personal data alone can constitute compensable non-material damage. The ruling further makes clear that such damage must not be trivialized and does not require the disadvantage to be particularly serious.
No Requirement for a “Threshold of Seriousness”
Of central importance is the BGH’s finding that the right to non-material damages under Art. 82 (1) GDPR does not require a threshold of seriousness. In other words, any violation of the GDPR that leads to a loss of control, uncertainty, or a comparable non-material disadvantage is sufficient. The effects of the violation, therefore, need not be exceptionally serious.
Individual Compensation for Damages
The BGH expressly emphasizes that the right to non-material damages aims to provide individual compensation. This compensation should address even those personal impairments that are difficult to objectively quantify, without restrictive requirements concerning their seriousness. As such, the decision strengthens the legal position of affected individuals and underscores the EU’s objectives of effective data protection.
Significance for Businesses and Affected Individuals
Implications for Practice
For businesses that process personal data, the ruling results in a significant increase in liability risks. Even minor violations that result in loss of control over data can give rise to substantial claims. Moreover, this jurisprudence may extend to other areas of law where non-material interests are affected (e.g., banking, capital markets, and distribution law, as well as in the context of competition violations).
For affected individuals, this creates the opportunity to assert claims for compensation on an eased factual basis, for example, in cases of data breaches, unlawful data use, or disclosure of sensitive information.
Limitations and Restrictions
It should be noted that compensation is not automatically granted with every violation of the GDPR. The affected individual remains obliged to demonstrate that a disadvantage has occurred, even though this can now involve low-threshold impairments. Courts will still need to decide in each individual case whether non-material damage exists in the specific circumstances and how it is to be assessed.
The BGH also emphasizes that the interpretation is to be in conformity with EU law and that the objectives of European data protection law must be given primary consideration in evaluation.
Conclusion and Outlook
The Federal Court of Justice’s decision sets new highlights in data protection law and will henceforth shape the enforcement of claims for non-material damages. Affected individuals gain a significantly improved starting position, while data-processing companies are facing greater challenges in handling personal data. In practice, a careful examination of internal data protection processes and thorough documentation of data processing are essential to meet regulatory and liability requirements.
For companies, investors, and private individuals confronted with questions concerning non-material damages, data-protection-compliant conduct, and liability risks in light of current case law, a sound legal assessment and support is recommended. The Rechtsanwalt of MTR Legal assist clients with all matters in data protection and related areas of law.
