AI Content Chat (Beta) logo

Claim of non-material damages rejected by Court Summary Our remarks Following the expiration of a fixed-term employment • Even though the German Court applies a broad contract, a photograph of the data subject, along interpretation of the right to compensation for non- with his name, was still available on the Internet in material damages, there must be indicators that connection with the former employer’s (controller) the data subject has been significantly affected company. In a letter dated 12 September 2018, the data by the infringement. The threshold at which the subject requested the plaintiff to delete these entries. severity of the infringement needs to be evaluated During an internet search on 10 and 11 October 2018, the varies on a case-by-case basis and requires data subject found entries by the former employer with individual consideration. his name and photo via Google. • When doing a risk assessment, take into account The data subject further argued that the unauthorized the nature and severity of a possible infringement. publication of his photo and his name in connection with the controller’s company put him at a noticeable ° Examples of recognized non-material damages disadvantage in his work as a freelance real estate include feelings of uncertainty, loss of trust and agent. The data subject argued that several potential anxiety about (potential) misuse of personal data. business partners would have refused to work with him These risks need to be assessed in conjunction with because of the former employer’s bad reputation in the severity of the infringement. the real estate industry. He was of the opinion that the • To avoid being held liable for inflicting non-material immaterial damage he had suffered because of this damages or the risk of future material damages should amount to at least 25.000 EUR and declared the because of a data breach, ensure adequacy of offsetting of this claim as compensation. technical and organizational security measures: The Decision of the Higher Regional Court of ° Ensure that only current third-party business Brandenburg (OLG Brandenburg) relations have access to your systems. Conduct OLG Brandenburg rejected the claim for damages for regular security assessments and penetration the following reasons: testing to identify vulnerabilities in your system and organization (including partners) and implement A claim for damages can only arise from GDPR, Article adequate measures to address them. 82, if concrete damage has been fully presented. The Court stated that such a claim had no material ° Monitor access to personal data, limit it to authorized prospect of success in this case. A mere breach is not personnel (internally as well as third parties), and sufficient for claiming non-material damages. revoke access for those who no longer require access. Published: 11-08-2021 Journal number: 1 U 69/20 Tags: 08 Compensation for non-material damages 64 Published: 24-02-2022 Journal number: I ZR 2/21 Tags: 01 Legal basis and principles of processing

Complycloud EU GDPR Report - Page 64 Complycloud EU GDPR Report Page 63 Page 65