The German Federal Court of Justice (BGH) has referred to the ECJ the question of whether Member States may be authorized to pursue infringements of the GDPR under civil law, i.e. – pursuant to Media release of the BGH -
whether the provisions made in Chapter VIII, in particular in Article 80 (1) and (2) and Article 84 (1) of the [GDPR]. national regulations, which – in addition to the powers of intervention of the supervisory authorities responsible for monitoring and enforcing the regulation and the legal protection options of the data subjects – on the one hand Competitors and on the other hand associations authorized under national law, grant institutions and chambers the authority to act on account of Violations of the General Data Protection Regulation irrespective of the infringement of concrete rights of individual data subjects and without the order of a data subject against the infringer by way of a Action before the civil courts to proceed.
In this regard, the BGH (in the same media release):
This question has been discussed in the case law of the courts of instance and in the legal literature. disputed. It is considered that the General Data Protection Regulation is a final regulation for the enforcement of the data protection provisions set out in this Regulation and that associations therefore only have legal standing under the conditions of Article 80 of the General Data Protection Regulation – which were not met in the case in question. Others consider the provisions made in the basic data protection regulation for the enforcement of rights to be not for final and associations therefore continue to consider themselves authorized to enforce claims for injunctive relief on account of the infringement of data protection provisions by way of action before the civil courts, irrespective of the infringement of specific rights of individual data subjects and without the commission of a data subject. […].