UI v ÖSterreichische Post AG: When Can Non-material Loss for Data Infringement Be Claimed?

GDPREU GDPRprivacyEU Law
Written By Charlotte Gerrish

In the recent case of UI v Österreichische Post AG it was argued whether the award of compensation under Article 82 of Regulation (EU) 2016/679 1 (of the GDPR) was applicable. The question that was presented was whether an individual could claim compensation under the GDPR just because their rights were infringed, or whether they have to explicitly show that they suffered harm as a result of the infringement. 

It was found that compensation could only be claimed in cases of data infringement where the defendant has violated the GDPR and where the infringement has directly caused material or non-material damage suffered by the individual. 

UI v ÖSterreichische Post AG Case Details

In this case, the Austrian postal company, Österreichische Post collected information about the Austrian population’s political affinities. They did this by using an algorithm based on social and demographic criteria which was then sold to third-party organisations to help them direct targeted advertising.  

Österreichische Post processed the data of an Austrian individual and made findings that led them to believe that the individual had particularly strong affinities with a certain political party. Although this information was not passed on to any third party, the Austrian individual brought a claim against the postal company for processing his personal data without consent and was offended by the fact that ties were made between him and the political party. 

In this case, the individual said that “the fact that data relating to his supposed political opinions were retained within that company caused him great upset, a loss of confidence, and a feeling of exposure.” As such, he asked the court to impose an injunction on Österreichische Post to stop them from processing his personal data and, compensation amounting to EUR 1,000 for the non-material damage he claimed to have suffered.

Interpretation of Article 82 

The court had to interpret Article 82 of the GDPR which states that “any person who has suffered material or non-material damage as a result of an infringement of the GDPR shall have the right to receive compensation from the controller or processor for the damage suffered.” 

The following key questions were considered (in para 19):

  • “Does the award of compensation under Article 82 of (the GDPR) also require that an applicant must have suffered harm, or is the infringement of provisions of the GDPR in itself sufficient for the award of compensation?

  • Do further EU-law requirements need to be considered when assessing compensation?

  • Is it compatible with EU law that compensation for non-material damage must be given only where there is a consequence (or effect) of the infringement beyond just being upset by the infringement?” 

Key Takeaways

Non-material damage refers to pain and suffering rather than financial loss. Recital 146 of the GDPR outlines that a broad interpretation of ‘damage’ should be adopted under Article 82. 

This case confirmed that non-material damage must be compensated, “if it is tangible, even if it is minor”. On the other hand, non-material damages should not be compensated “if it appears to be completely negligible” meaning insignificant or small. In this case, it was found that merely feeling distressed or upset does not amount to non-material damage that can be compensated. 

“What is interesting in this case is that it sets a precedent for other member states which will interpret the GDPR regulations according to their own standards. Under Article 82, there is no minimum threshold for what is considered non-material damages, therefore it is down to each country to assess the seriousness of the loss. This case clarifies that there is no automatic right to compensation just because there has been a data infringement.”

Charlotte Gerrish of Gerrish Legal 

For companies, this outcome may be welcomed since it protects organisations that collect and process individuals’ data from being subject to compensation claims in instances where insignificant loss is suffered. It restricts individuals from bringing claims and gaining money for distress or upset which can be difficult to assess, especially when everyone reacts differently.

How Can Gerrish Legal Help?

Gerrish Legal is a dynamic digital law firm. We pride ourselves on giving high-quality and expert legal advice to our valued clients. We specialise in many aspects of digital law such as GDPR, data privacy, digital and technology law, commercial law, and intellectual property. 

We give companies the support they need to successfully and confidently run their businesses whilst complying with legal regulations without the burdens of keeping up with ever-changing digital requirements.

We are here to help you, get in contact with us today for more information.


Charlotte Gerrish
Previous

Meta Fined Record Amount by the Irish DPC for Data Breaches
Next

Should AI Be Regulated?