The Ger­man Fede­ral Court of Justi­ce (BGH) has refer­red to the ECJ the que­sti­on of whe­ther Mem­ber Sta­tes may be aut­ho­ri­zed to pur­sue inf­rin­ge­ments of the GDPR under civil law, i.e. – pur­su­ant to Media release of the BGH -

whe­ther the pro­vi­si­ons made in Chap­ter VIII, in par­ti­cu­lar in Artic­le 80 (1) and (2) and Artic­le 84 (1) of the [GDPR]. natio­nal regu­la­ti­ons, which – in addi­ti­on to the powers of inter­ven­ti­on of the super­vi­so­ry aut­ho­ri­ties respon­si­ble for moni­to­ring and enfor­cing the regu­la­ti­on and the legal pro­tec­tion opti­ons of the data sub­jects – on the one hand Com­pe­ti­tors and on the other hand asso­cia­ti­ons aut­ho­ri­zed under natio­nal law, grant insti­tu­ti­ons and cham­bers the aut­ho­ri­ty to act on account of Vio­la­ti­ons of the Gene­ral Data Pro­tec­tion Regu­la­ti­on irre­spec­ti­ve of the inf­rin­ge­ment of con­cre­te rights of indi­vi­du­al data sub­jects and wit­hout the order of a data sub­ject against the inf­ring­er by way of a Action befo­re the civil courts to proceed.

In this regard, the BGH (in the same media release):

This que­sti­on has been dis­cus­sed in the case law of the courts of instance and in the legal lite­ra­tu­re. dis­pu­ted. It is con­side­red that the Gene­ral Data Pro­tec­tion Regu­la­ti­on is a final regu­la­ti­on for the enforce­ment of the data pro­tec­tion pro­vi­si­ons set out in this Regu­la­ti­on and that asso­cia­ti­ons the­r­e­fo­re only have legal stan­ding under the con­di­ti­ons of Artic­le 80 of the Gene­ral Data Pro­tec­tion Regu­la­ti­on – which were not met in the case in que­sti­on. Others con­sider the pro­vi­si­ons made in the basic data pro­tec­tion regu­la­ti­on for the enforce­ment of rights to be not for final and asso­cia­ti­ons the­r­e­fo­re con­ti­n­ue to con­sider them­sel­ves aut­ho­ri­zed to enforce claims for injunc­ti­ve reli­ef on account of the inf­rin­ge­ment of data pro­tec­tion pro­vi­si­ons by way of action befo­re the civil courts, irre­spec­ti­ve of the inf­rin­ge­ment of spe­ci­fic rights of indi­vi­du­al data sub­jects and wit­hout the com­mis­si­on of a data subject. […].

AI-gene­ra­ted takea­ways can be wrong.