• Mehr als 3 Millionen Wörter Inhalt
  • |
  • info@itmedialaw.com
  • |
  • Tel: 03322 5078053
SAVED POSTS
Rechtsanwalt Marian Härtel - ITMediaLaw

No products in the cart.

  • en English
  • de Deutsch
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
Kurzberatung
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
Rechtsanwalt Marian Härtel - ITMediaLaw

ECJ rulings strengthen data protection: important clarifications on liability and compensation for damages

15. December 2023
in Data protection Law
Reading Time: 4 mins read
0 0
A A
0
eugh urteile staerken datenschutz wichtige klarstellungen bei haftung und schadensersatz 2
Key Facts
  • The ECJ rulings set new standards in data protection law under the GDPR.
  • Judgment C-340/21 emphasizes differentiated view of liability and security measures in the event of data breaches.
  • The burden of proof for appropriate security measures lies with the data processor.
  • Judgment C-456/22 recognizes immaterial damages and excludes de minimis limit.
  • The fear of identity theft is recognized as immaterial damage.
  • Companies must adapt their data protection strategies to new legal frameworks.
  • The rulings require comprehensive expertise in data protection law and proactive risk management.

The recent decisions of the European Court of Justice (ECJ) in the cases Natsionalna agentsia za prihotide (C-340/21) and Gemeinde Ummendorf (C-456/22) set new standards in data protection law under the General Data Protection Regulation (GDPR). These rulings provide significant clarification with regard to liability issues in the event of data protection breaches and the recognition of immaterial damages.

Content Hide
1. Liability and safety measures
2. Recognition of immaterial damages
3. Implications and conclusion
3.1. Author: Marian Härtel

Liability and safety measures

Judgment C-340/21 focuses on the issue of liability for data breaches, a topic of great importance in today’s digital landscape. In this ruling, the European Court of Justice (ECJ) clarifies that a data breach alone does not automatically imply that a data processor’s security measures are inadequate. This finding is of crucial importance as it underlines the need for a differentiated approach in cases of data breaches.

Courts are now required to carry out a concrete assessment of the security measures implemented by data processors. This means that not every data breach automatically entails liability on the part of the data processor. Rather, the courts must examine whether the measures taken were appropriate, taking into account all relevant circumstances. In this context, the burden of proof for the adequacy of the security measures lies with the data processor. The latter must be able to demonstrate that it has taken all necessary and reasonable steps to ensure the security of the personal data processed.

Furthermore, the ECJ has clarified that a data processor can be held liable if unauthorized access to personal data is gained by third parties. This is particularly relevant in cases of cyberattacks or data leaks where external actors penetrate the data systems. In such situations, however, the data processor can avoid liability if it can prove that it is not responsible in any way for the damage caused. This presupposes that the data processor has taken appropriate technical and organizational measures to prevent such incidents.

This ruling has far-reaching implications for the practice of data processing and data protection management in companies. It emphasizes the importance of a careful and proactive approach to data protection and data security in order to prevent potential liability risks. Companies must therefore continuously review and adapt their data protection strategies in order to meet the constantly changing requirements and threats.

The fact that the liability of companies now also depends on the security measures implemented in advance could massively change the work of data protection lawyers and data protection officers. These professionals are now faced with the challenge of not only ensuring compliance with data protection regulations, but also proactively developing and implementing risk management strategies that meet the latest legal requirements. This requires in-depth knowledge of the technical and organizational aspects of data protection and constant adaptation to the evolving legal situation.

Recognition of immaterial damages

The judgment C-456/22 of the European Court of Justice (ECJ) marks a significant step forward in the area of data protection law, in particular with regard to the right to compensation for non-material damage. This ruling rules out the application of a de minimis limit for immaterial damages. This is a significant development as it means that even minor non-material damage resulting from data breaches can be recognized and compensated.

This decision of the ECJ expands the understanding of damage in the context of the GDPR. It recognizes that the fear of misuse of personal data, even if no actual misuse has taken place, can constitute immaterial damage. This reflects the growing recognition of the psychological and emotional impact that data breaches can have on individuals. The fear of identity theft, fraud or loss of privacy can have a significant impact on the well-being of the people concerned.

Furthermore, the ruling underlines the importance of protecting personal data and strengthens the rights of individuals in the digital age. It sends a clear signal to companies and organizations that they can be held liable not only for material damage, but also for immaterial damage caused by their data processing activities. This increases the pressure on companies to implement effective data protection measures and to take user privacy seriously.

In practice, this means that data protection violations can not only have financial consequences, but can also lead to claims for compensation for non-material damage. This requires a careful assessment of the risks and potential impact of data breaches, both from a legal and ethical perspective. Companies and organizations must therefore rethink their data protection practices and ensure that they not only comply with legal requirements, but also protect the rights and well-being of data subjects.

Implications and conclusion

The rulings of the European Court of Justice in cases C-340/21 and C-456/22 have far-reaching implications that go beyond the immediate question of liability for data breaches. They signal an increased legal responsibility and sensitivity for data protection in the EU, which will have a significant impact on the practice of data processing and security as well as on case law in data protection matters.

Companies are now faced with the challenge of fundamentally rethinking their data protection strategies. This concerns not only the implementation and regular review of effective security measures, but also a comprehensive adaptation of their data protection policies and procedures. The ECJ’s decisions could lead to stricter practice in the assessment of data protection breaches and to an increase in lawsuits for non-material damages. This requires companies to proactively manage risk and continuously adapt to the changing legal framework.

Furthermore, these rulings not only influence advice on data protection issues, but also have far-reaching consequences for other legal areas such as general terms and conditions, contract law and management consultancy. The need to integrate data protection aspects into general terms and conditions and contracts is becoming increasingly important. Companies must ensure that their contracts and T&Cs reflect the latest data protection requirements while clearly defining the rights and obligations of all parties.

Overall, these developments require in-depth expertise in data protection law and flexible adaptation to the dynamic legal landscape. For lawyers, data protection officers and management consultants, this means that they must continuously update and expand their consulting approaches in order to offer their clients comprehensive and up-to-date solutions. The ECJ rulings underline the importance of holistic and forward-looking legal advice that takes into account both the current legal requirements and the potential risks and opportunities for companies.

Marian Härtel
Author: Marian Härtel

Marian Härtel ist Rechtsanwalt und Fachanwalt für IT-Recht mit einer über 25-jährigen Erfahrung als Unternehmer und Berater in den Bereichen Games, E-Sport, Blockchain, SaaS und Künstliche Intelligenz. Seine Beratungsschwerpunkte umfassen neben dem IT-Recht insbesondere das Urheberrecht, Medienrecht sowie Wettbewerbsrecht. Er betreut schwerpunktmäßig Start-ups, Agenturen und Influencer, die er in strategischen Fragen, komplexen Vertragsangelegenheiten sowie bei Investitionsprojekten begleitet. Dabei zeichnet sich seine Beratung durch einen interdisziplinären Ansatz aus, der juristische Expertise und langjährige unternehmerische Erfahrung miteinander verbindet. Ziel seiner Tätigkeit ist stets, Mandanten praxisorientierte Lösungen anzubieten und rechtlich fundierte Unterstützung bei der Umsetzung innovativer Geschäftsmodelle zu gewährleisten.

Tags: AGBBeratungBurden of proofCase lawContract lawCustomizationDamagesData protection LawDevelopmentEntscheidungenEuGDPRGeneral Data Protection RegulationGeneral Terms and ConditionsHaftungJudgmentJudgmentsLegal advicePrivacyReviewRisk ManagementSicherheitVerträge

Weitere spannende Blogposts

What is the Artificial Intelligence Act?

What is the Artificial Intelligence Act?
6. January 2023

Introduction The Artificial Intelligence Act is a proposal for a European law on artificial intelligence (AI) - the first law....

Read moreDetails

Client portal under test

Client portal under test
7. November 2022

As announced, I activated the client portal for my clients over the weekend and it is now running stably in...

Read moreDetails

The MiCAR regulation is coming

744528b528e546596171b3d29c620a26
26. June 2024

The new EU Markets in Crypto-Assets Regulation (MiCAR) was published in the Official Journal of the European Union on June...

Read moreDetails

Affiliate links must be labeled as advertising

Attention: Affiliates on YouTube, gaming websites and other networks
13. August 2024

In a recent ruling (Ref. 29 U 1582/19), the Munich Higher Regional Court clarified that online teasers with affiliate links...

Read moreDetails

Influencer: Kammergericht mitigates LG Berlin

Brief reminder: Influencer as target of warning letters
7. November 2022

In the meantime, you can also find some explanations on my blog about case law concerning influencers. Just scroll down...

Read moreDetails

ECJ will deal with Bittorrent and the seeding of porn

Publication of sales advertisements and classification as a trader
7. November 2019

New referral procedure of the ECJ The ECJ will deal with interesting questions from the file-sharing sector in a referral...

Read moreDetails

Online services: Don’t forget the cancellation button!

Online services: Don’t forget the cancellation button!
14. November 2022

Since July 1, 2022, companies operating in Germany (not only resident!!) must offer the so-called cancellation button on their websites....

Read moreDetails

DOSB rejects eSports!

7. November 2022

The German Olympic Sports Confederation has rejected eSports or, as the professionals from Frankfurt call it, eGaming, and refused to...

Read moreDetails

Preparing for Brexit?

Preparing for Brexit?
10. October 2019

Even if you never know for sure, it looks as if the UK will leave the European Union on 1...

Read moreDetails
Contractual regulations for no-code/low-code software development
Other

Contractual regulations for no-code/low-code software development

21. May 2025

No-code and low-code platforms enable rapid software development without extensive manual programming. Applications are increasingly being developed on the basis...

Read moreDetails
Erotic content on OnlyFans: Copyright and personality rights protection for creators

Erotic content on OnlyFans: Copyright and personality rights protection for creators

20. May 2025
Goodbye hustle culture? Startup life between 24/7 grind and work-life balance

Goodbye hustle culture? Startup life between 24/7 grind and work-life balance

19. May 2025
Startup buzzwords 2025: Bullshit bingo in marketing German Introduction: Bullshit bingo in marketing German

Startup buzzwords 2025: Bullshit bingo in marketing German Introduction: Bullshit bingo in marketing German

18. May 2025
From the metaverse boom to AI euphoria – a tech lawyer in the hype cycle

From the metaverse boom to AI euphoria – a tech lawyer in the hype cycle

17. May 2025

Podcastfolge

7c0b449a651fe0b81e5eec2e23515012 2

Copyright in the digital age

15. January 2025

This insightful 20-minute podcast episode by and with me explores the complex topic of copyright in the digital age. The...

Read moreDetails
75df8eaa33cd7d3975a96b022c65c6e4

Life as an IT lawyer, work-life balance, family and my career

26. September 2024
8315f1ef298eb54dfeed2f5e55c8b9da 1

First test episode of the ITMediaLaw Podcast

26. August 2024
43a60cb39d7ea477ac8f3845c1b7739c

Legal advice for start-ups – investments that pay off

8. December 2024
d00527fd01b1f807a4f80c0f202069e7

Legal basics for startup founders – how to start on the safe side!

9. November 2024

Video

My transparent billing

My transparent billing

10. February 2025

In this video, I talk a bit about transparent billing and how I communicate what it costs to work with...

Read moreDetails
Fascination between law and technology

Fascination between law and technology

10. February 2025
My two biggest challenges are?

My two biggest challenges are?

10. February 2025
What really makes me happy

What really makes me happy

10. February 2025
What I love about my job!

What I love about my job!

10. February 2025
  • Privacy policy
  • Imprint
  • Contact
  • About lawyer Marian Härtel
Marian Härtel, Rathenaustr. 58a, 14612 Falkensee, info@itmedialaw.com

Marian Härtel - Rechtsanwalt für IT-Recht, Medienrecht und Startups, mit einem Fokus auf innovative Geschäftsmodelle, Games, KI und Finanzierungsberatung.

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
  • en English
  • de Deutsch
Kostenlose Kurzberatung