The ECJ has ruled in the Judgment C‑300/21 of May 4, 2023 in the case of Öster­rei­chi­sche Post AG dealt with com­pen­sa­ti­on for dama­ges in the event of vio­la­ti­ons of the GDPR. The start­ing point was a suc­cessful cla­im for payment of EUR 1,000 against Austri­an Post as com­pen­sa­ti­on for non-mate­ri­al damage.

The ECJ has sta­ted that

  • a breach of the GDPR is not in its­elf suf­fi­ci­ent to give rise to a cla­im for dama­ges. On the con­tra­ry, it fol­lows from the auto­no­mous inter­pre­ta­ti­on that an Dama­ge pre­sent must;
  • the dama­ge, howe­ver not a cer­tain mate­ria­li­ty The ECJ refers here to its usu­al case law that the GDPR wants a high level of pro­tec­tion; a cir­cular argu­ment, becau­se the inter­pre­ta­ti­on of the GDPR thus beco­mes the stan­dard of interpretation;
  • the per­son con­cer­ned the dama­ge pro­ve must; and
  • the Dimen­sio­ning of dama­ges fol­lows natio­nal law, as long as this remains within cer­tain limits of EU law.