On September 4, 2020, the Hamburg Regional Court ruled, among other things, on a claim for compensation for immaterial damage (Judgment 324 S 9/19). The background was a data collection via an appointment entry form on a website. The Hamburg Regional Court dismissed a claim for non-material damages because such damage had not been proven (cf. on this already here):
32 2) The plaintiff is also not entitled to claim compensation for non-material damages (“damages for pain and suffering”) against the defendant under Article 82 GDPR or any other legal aspect. The occurrence of damage is required for the award of a claim for damages. The plaintiff has neither presented this nor is it otherwise evident. The breach of data protection regulations alone does not lead to an obligation of the controller to pay damages (so also LG Karlsruhe, judgment of 2.8.2019 – 8 O 26/19 = ZD 2019, 511). The prerequisite for a claim for damages under Article 82 (1) of the GDPR, which is directly applicable in national law and does not exclude other bases for claims (Nemitz, in: Ehmann/Selmayr, DS-GVO, 2nd ed., Art. 82 para. 7), is a breach of the GDPR and damage caused thereby, which a plaintiff must demonstrate and prove (LG Karlsruhe loc. cit.).
33 According to recital 146, the Concept of damage to be interpreted broadlyso that data subjects receive effective compensation. Recital 85 states that a personal data breach may result in physical, material or non-material harm to individuals – such as loss of control over their personal data or restriction of their rights, discrimination, identity theft or fraud, financial loss, unauthorized removal of pseudonymization, or damage to reputation – if not addressed in a timely and appropriate manner.
34 Accordingly, no serious violation of the right of personality is required in order to claim non-material damage (Gola/Piltz, DS-GVO, 2nd edition, Art. 82 para. 13). Nevertheless, not every breach of the GDPR already leads to a compensation obligationThe obligation to compensate for non-material damage must be countered by an identifiable and insofar actual violation of personality rights, which can, for example, lie in the “exposure” associated with the unlawful disclosure of data (Karlsruhe Regional Court, loc. cit.).