Damages For GDPR Violation – Austrian Supreme Court Refers Several Questions To Court Of Justice Of The European Union (Cjeu)


The Austrian Supreme Court paved the way for a more coherent interpretation of the GDPR regarding damages by initiating the preliminary reference procedure. In its reference for a preliminary ruling, the Austrian Supreme Court asked several questions on the interpretation of Art. 82 GDPR. The forthcoming clarification of fundamental questions on damages in the legal system of the GDPR will have a considerable influence on corresponding and future court proceedings in all European member states.

Facts about the pending case

As reported in an earlier article, this case concerns the data protection scandal in Austria from 2019 concerning the Austrian Post. The company had calculated the “political affinity” of millions of Austrians based on sociodemographic factors. The plaintiff in the pending case argued that, as a result of the unlawful processing (in the current case the data were not sold) he suffered immaterial damage because the algorithm assigned him “high affinity” to the right-wing party FPÖ (Austrian Freedom Party). He argues that he does not sympathize with far right-wing parties in general and therefore this calculated “political affinity” is an insult and caused him a lot of anger. EUR 1,000 in immaterial damages are sought.


Questions referred to the CJEU

The Austrian Supreme Court referred the following three questions to the CJEU:

  1. Is it necessary that the plaintiff has suffered damages or is the breach of provisions of the GDPR itself sufficient to award damages under Art. 82 GDPR?
  2. Are there any other requirements for the assessment of damages in addition to the principles of effectiveness and equivalence under European law?
  3. Does an award of immaterial damage require that the infringement has consequences of at least some weight which goes beyond the distress caused by the infringement?

Interestingly, in the reasoning for initiating the preliminary reference procedure the Supreme Court refers to the judgment of the German Constitutional Court (1 BvR 2853/19). In this case, the Constitutional Court decided that the right to a fair trial (Art. 6 ECHR) was infringed because the lower Court of Goslar did not refer the question regarding the interpretation of Art 82 GDPR for a preliminary ruling to the CJEU, even though the interpretation was not clear enough. The Austrian Supreme Court stated that it does not share this point of view, but for the sake of a more coherent interpretation of European law it nevertheless refers the above-mentioned questions to the CJEU.


Conclusion and possible outcome

There has been a long debate on how to interpret Art. 82 GDPR and it may “soon” (on average the duration of a preliminary reference procedure is 1,5 years) come to an end. Even in a small European country like Austria, lower Courts have decided differently on this issue. Therefore, the decision of the Austrian Supreme Court to reference for preliminary ruling can be seen as a positive development for legal certainty. Even though predicting judgments of the CJEU have proven to be difficult, it seems the CJEU has taken a quite consumer friendly approach in the past couple of years in the area of data protection. A broad interpretation and extensive liability under Art 82 GDPR could be possible. The final word in this matter has not yet been spoken, but either way the decision of the CJEU will have a substantial impact on the future of privacy litigation.


Article provided by: Stephan Winklbauer (AHW Law, Austria)



Discover more about INPLP, the INPLP-Members and the GDPR-FINE database

Dr. Tobias Höllwarth (Managing Director INPLP)

What is the INPLP?

INPLP is a not-for-profit international network of qualified professionals providing expert counsel on legal and compliance issues relating to data privacy and associated matters. INPLP provides targeted and concise guidance, multi-jurisdictional views and practical information to address the ever-increasing and intensifying field of data protection challenges. INPLP fulfils its mission by sharing know-how, conducting joint research into data processing practices and engaging proactively in international cooperation in both the private and public sectors.