• Mehr als 3 Millionen Wörter Inhalt
  • |
  • info@itmedialaw.com
  • |
  • Tel: 03322 5078053
Rechtsanwalt Marian Härtel - ITMediaLaw

No products in the cart.

  • en English
  • de Deutsch
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
Kurzberatung
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
Rechtsanwalt Marian Härtel - ITMediaLaw

ECJ rulings on compensation for data protection breaches

26. June 2024
in Data protection Law
Reading Time: 8 mins read
0 0
A A
0
dsgvo 3589608 1280
Key Facts
  • ECJ clarifies the claim for damages under Art. 82 GDPR in decisions C-687/21 and C-340/21.
  • A breach of the GDPR alone does not justify a claim for damages; actual damage is necessary.
  • The loss of control over personal data can constitute immaterial damage without being able to prove concrete data misuse.
  • National courts must make concrete assessments of the fears raised in individual cases.
  • If a third party has no knowledge of the data, concern about possible misuse is not sufficient for a claim.
  • The ECJ calls for a differentiated approach in order to avoid excessive claims and to protect the rights of those affected.
  • Recent OLG rulings show the complexity and legal requirements for damages in data protection.

Analysis of the ECJ rulings

Content Hide
1. Analysis of the ECJ rulings
2. Current OLG rulings on the subject of data protection
2.1. Author: Marian Härtel

In its recent decisions C-687/21 and C-340/21, the European Court of Justice (ECJ) provided important clarifications on the right to compensation under Art. 82 GDPR, building on previous case law.

First of all, it is important to make a clear distinction between the breach of the GDPR and the resulting damage. In decision C-300/21 of 4 May 2023, the ECJ had already emphasized that a mere breach of the GDPR does not automatically give rise to a claim for damages. The loss of control over personal data that occurs as a result of a GDPR breach can in itself constitute non-material damage. This follows from Recital 85 of the GDPR and was confirmed by the ECJ in Decision C-340/21. It is not necessary for a specific misuse of the data to have already taken place. A well-founded fear of possible future misuse may be sufficient; it is important to note that different standards apply to the infringement and the resulting damage:

  1. No subjective element on the part of the controller is required for a breach of the GDPR. It is sufficient to objectively establish that the requirements of the GDPR have not been complied with.
  2. However, a subjective element on the part of the person concerned is relevant for the damage in the form of loss of control. The person must explain and, if necessary, prove that they actually feel worry, anxiety or discomfort due to the loss of control.

The ECJ clarified in C-340/21 that the national courts must make a concrete assessment when examining the claim for damages. They must examine whether the fears expressed by the person concerned can be considered justified in view of the specific circumstances of the individual case.

It should be noted that the ECJ also set limits in C-687/21: If it can be proven that a third party has gained knowledge of the data, mere concern about possible misuse is not sufficient to justify a claim for damages.

This differentiated approach of the ECJ ensures that, on the one hand, the rights of the persons concerned are safeguarded and, on the other hand, that no excessive claims arise. It requires the national courts to carefully weigh up each individual case and thus contributes to a balanced application of Art. 82 GDPR.


Update:
Incidentally, the Freiburg Regional Court has just ruled in this regard

1. in the event of an action for damages under Art. 82 GDPR, it is incumbent on the party bringing the action to prove that it has been affected by a data protection incident to the full satisfaction of the court using the standard of proof set out in Section 286 ZPO. This requirement is not satisfied by a mere reference to the results of a query on the website https:///haveibeenpwned.com, at least not if the defendant has previously stated decidedly on the basis of which specific circumstances it assumes that the hit report of the website https://haveibeenpwned.com/ is not a reliable basis for the assumption that the party to the present proceedings is actually affected by the API bug 2021 at the defendant.

2. if a party to the action alleges that the defendant party has violated provisions of the GDPR that protect it, that it has suffered (non-material) partial damage within the meaning of Art. 82 GDPR as a result, but that further damage is possible, then this procedural constellation is comparable to that involving the violation of an absolute right, not that of the sole assertion of pecuniary damage (a.A.
Regional Court of Stuttgart, judgment of 24.1.2024 27 O 92/23
juris Rn. 33). An interest in a declaratory judgment within the meaning of Section 256 para. 1 ZPO is therefore already to be affirmed if the subsequent realization of further damage in the foreseeable future appears possible according to the nature of the injury, a probability of the occurrence of further damage is not required (contrary to
LG Stuttgart, judgment of 24.1.2024 27 O 92/23
juris Rn. 33)

3. a request for injunctive relief that is not related to the specific form of infringement and is based on the vague term “prior art”, which is subject to interpretation, does not meet the requirements of Section 253 (2) No. 2 ZPO and is inadmissible. A formulation of the application that is subject to interpretation is not acceptable in order to ensure effective legal protection if the party bringing the action could use the formulation of the application to orient itself to the specific form of infringement without jeopardizing effective legal protection (connection BGH, judgment of 6 October 2011 – I ZR 54/10; BGH, judgment of 2 June 2022 – I ZR 140/15 and BGH, judgment of 9 September 2021 – I ZR 113/20).(para.71) (para.72) (para.73)

This topic will probably keep us busy for a while yet!

Current OLG rulings on the subject of data protection

In recent months, several higher regional courts have also dealt with similar issues. Here is an overview of twenty recent OLG rulings on the subject of data protection and data anxiety, sorted by date of decision:

  1. OLG Celle, 04.04.2024, Ref. 5 U 77/23Admissibility of an appeal in proceedings for damages due to GDPR infringement. Source
  2. OLG Dresden, 23.04.2024, Ref. 4 U 3/24Compensation for unauthorized disclosure of health data. Source
  3. OLG Munich, 24.04.2024, Ref. 34 U 2306/23Injunctive relief and interest in a declaratory judgment in the event of data protection violations. Source
  4. OLG Oldenburg, 19.04.2024, Ref. 13 U 59/23, 13 U 79/23, 13 U 60/23No compensation for scraping of telephone numbers. Source
  5. OLG Cologne, 07.12.2023, Ref. 15 U 67/23Scraping due to a data leak on a social media platform. Source
  6. OLG Hamburg, 10.01.2024, Ref. 13 U 70/234,000 euros in non-material damages for unauthorized data disclosure. Source
  7. OLG Dresden, 20.02.2024, Ref. 4 U 1634/23Compensation for unauthorized data processing by employers. Source
  8. OLG Dresden, 09.04.2024, Ref. 4 U 213/24Compensation for the publication of personal data on the Internet. Source
  9. OLG Hamm, 20.01.2023, Ref. 11 U 88/22No compensation for damages in the event of a data leak without concrete impairment. Source
  10. OLG Hamm, 15.08.2023, Ref. 7 U 19/21: Burden of presentation and proof in the event of data protection violations. Source
  11. OLG Stuttgart, 03.04.2023, Ref. 2 U 34/21Compensation for damages in the event of proven impairment of well-being due to data protection violation. Source
  12. OLG Düsseldorf, 15.05.2023, Ref. I-20 U 40/21Compensable damage in the event of loss of control over sensitive health data. Source
  13. OLG Frankfurt, 22.06.2023, Ref. 1 U 152/20No claim in the event of a technical fault without proof of specific damage. Source
  14. OLG Munich, 07.07.2023, Ref. 18 U 2737/21No compensation for damages in the event of mere fear of data misuse without concrete evidence. Source
  15. OLG Hamburg, 14.09.2023, Ref. 3 U 43/20Minor non-material damage in the event of unauthorized disclosure of e-mail addresses. Source
  16. OLG Cologne, 03.11.2023, Ref. 6 U 58/23Unlawfulness of data transfer to Google LLC in the USA. Source
  17. OLG Cologne, 08.07.2022, Ref. 20 U 75/21Data protection in company integration management. Source
  18. OLG Celle, 20.05.2022, Ref. 13 U 406/21Interpretation of the rights to information and copy according to Art. 15 GDPR. Source
  19. OLG Frankfurt, 24.01.2022, Ref. 1 U 369/19Compensation for unlawful data processing by a credit agency. Source
  20. OLG Düsseldorf, 16.12.2021, Ref. I-16 U 264/20Data protection requirements for declarations of consent. Source

These decisions show that the courts take a differentiated view and carefully examine the circumstances of the individual case. For companies and data subjects, the issue of compensation for data breaches therefore remains complex and legally challenging.

Marian Härtel
Author: Marian Härtel

Marian Härtel ist Rechtsanwalt und Fachanwalt für IT-Recht mit einer über 25-jährigen Erfahrung als Unternehmer und Berater in den Bereichen Games, E-Sport, Blockchain, SaaS und Künstliche Intelligenz. Seine Beratungsschwerpunkte umfassen neben dem IT-Recht insbesondere das Urheberrecht, Medienrecht sowie Wettbewerbsrecht. Er betreut schwerpunktmäßig Start-ups, Agenturen und Influencer, die er in strategischen Fragen, komplexen Vertragsangelegenheiten sowie bei Investitionsprojekten begleitet. Dabei zeichnet sich seine Beratung durch einen interdisziplinären Ansatz aus, der juristische Expertise und langjährige unternehmerische Erfahrung miteinander verbindet. Ziel seiner Tätigkeit ist stets, Mandanten praxisorientierte Lösungen anzubieten und rechtlich fundierte Unterstützung bei der Umsetzung innovativer Geschäftsmodelle zu gewährleisten.

Tags: AnalyseBurden of proofCelleDamagesDresdenE‑mailEntscheidungenFrankfurtFrankfurt Higher Regional CourtGDPRGoogleHaftungHamburgInjunctive reliefinternetJudgmentsMailMediaolgPersonal dataPrivacyRegulation

Weitere spannende Blogposts

BGH will decide on the reimbursement of bets

Lottery brokerage/gambling/betting on the Internet without permission?
17. May 2024

It's about time. The First Civil Senate of the Federal Court of Justice has to decide whether a sports betting...

Read moreDetails

Dealers on online marketplaces; 1.10.2019 and 22f UStG

Tax treatment of Upwork in Germany?
20. September 2019

Many online retailers still do not seem to have noticed that an important deadline expires on October 1, 2019, i.e....

Read moreDetails

Online shops and payment services supervision law

Online shops and payment services supervision law
18. March 2019

Some online services offer a fiduciary process for your business model when customers interact with each other. This is also...

Read moreDetails

Online retailer: Notice of warranty of defects

Online retailer: Notice of warranty of defects
19. November 2018

At the moment, there seems to be a new round of warnings if, in the case of online retailers, in...

Read moreDetails

DLT and the legal profession

Startup financing through tokenized profit participation rights and related financing options.
6. December 2022

Introduction The digitization of larger sectors encounters organizational, technical and legal problems. The potential applications of blockchain technology offer a...

Read moreDetails

Terms and Conditions and Prohibited Clauses

Terms and Conditions and Prohibited Clauses
1. March 2019

Prohibited clauses in player contracts of esport teams A few days ago, I reported how many types of contracts are...

Read moreDetails

Brexit and data protection, review contracts and service providers

ITMediaLaw: Http3 on Litespeed Server
7. November 2022

Earlier this year, I already warned about Brexit and data protection in this article. However, that was before the UK's...

Read moreDetails

Corona crisis: Where is aid available from development banks?

Corona crisis: Where is aid available from development banks?
7. November 2022

In Germany, we live under federalism, and therefore the various state banks and other institutions in this country are what...

Read moreDetails

What legal form as an esport team?

What legal form as an esport team?
7. November 2022

What legal form should you aim for if you want to start or professionalize an esports team? The answer to...

Read moreDetails
BGH-Coaching-Urteil 2025: Online-Coachings als Fernunterricht – ZFU-Pflicht und Vertragsnichtigkeit
Law on the Internet

BGH-Coaching-Urteil 2025: Online-Coachings als Fernunterricht – ZFU-Pflicht und Vertragsnichtigkeit

18. July 2025

Ein neues BGH-Urteil sorgt für eine Schockwelle in der Coaching-Branche: Am 12. Juni 2025 hat der Bundesgerichtshof (BGH) entschieden, dass...

Read moreDetails
Eigentum an Software – Wem gehört eigentlich der Code?

Eigentum an Software – Wem gehört eigentlich der Code?

14. July 2025
Startup ohne Entwickler?

Startup ohne Entwickler?

8. July 2025
Keine stillschweigende AGB-Änderung – Schweigen gilt nicht als Zustimnung

Keine stillschweigende AGB-Änderung – Schweigen gilt nicht als Zustimnung

7. July 2025
So langsam nimmt der Shop Form an

So langsam nimmt der Shop Form an

3. July 2025

Podcastfolge

Rechtskette beim Spieleentwickler

Rechtskette beim Spieleentwickler

19. April 2025

In dieser kurzen Episode diskutieren Anna und Max die Bedeutung der Rechtekette im Game Development – ein zentraler Aspekt für...

Read moreDetails
7c0b449a651fe0b81e5eec2e23515012 2

Urheberrecht im Digitalen Zeitalter

22. December 2024
KI im Rechtssystem: Auf dem Weg in eine digitale Zukunft der Justiz

KI im Rechtssystem: Auf dem Weg in eine digitale Zukunft der Justiz

13. October 2024
Rechtliche Grundlagen und Praxis von Open Source in der Softwareentwicklung

Rechtliche Grundlagen und Praxis von Open Source in der Softwareentwicklung

19. April 2025
Globale Herausforderungen für Startups – Ein rechtlicher Leitfaden

Globale Herausforderungen für Startups – Ein rechtlicher Leitfaden

2. October 2024

Video

Mein transparente Abrechnung

Mein transparente Abrechnung

10. February 2025

In diesem Video rede ich ein wenig über transparente Abrechnung und wie ich kommuniziere, was es kostet, wenn man mit...

Read moreDetails
Faszination zwischen und Recht und Technologie

Faszination zwischen und Recht und Technologie

10. February 2025
Meine zwei größten Herausforderungen sind?

Meine zwei größten Herausforderungen sind?

10. February 2025
Was mich wirklich freut

Was mich wirklich freut

10. February 2025
Was ich an meinem Job liebe!

Was ich an meinem Job liebe!

10. February 2025
  • Privacy policy
  • Imprint
  • Contact
  • About lawyer Marian Härtel
Marian Härtel, Rathenaustr. 58a, 14612 Falkensee, info@itmedialaw.com

Marian Härtel - Rechtsanwalt für IT-Recht, Medienrecht und Startups, mit einem Fokus auf innovative Geschäftsmodelle, Games, KI und Finanzierungsberatung.

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
  • en English
  • de Deutsch
Kostenlose Kurzberatung