IP case law Court of Justice

Article 82 - Right to compensation and liability

Home > Personal Data Protection > General Data Protection Regulation (GDPR) > Article 82 - Right to compensation and liability
5 pending referrals

Referral C-654/25 (Undelam, 6 Oct 2025)


Referral C-416/25 (Freie und Hansestadt Hamburg, 25 Jun 2025)


Referral C-185/25 (Waldfelber, 7 Mar 2025)


Referral C-526/24 (Brillen Rottler, 31 Jul 2024)


Referral C-484/24 (NTH Haustechnik, 10 Jul 2024)


3 preliminary rulings

Judgment of 4 Sep 2025, C-655/23 (Quirin Privatbank)

Article 82(1) of Regulation 2016/679 must be interpreted as meaning that the concept of ‘non-material damage’ in that provision encompasses negative feelings experienced by the data subject as a result of an unauthorised transmission of his or her personal data to a third party, such as fear or annoyance, which are caused by a loss of control over those data, by a potential misuse of those data or by harm to his or her reputation, provided that the data subject demonstrates that he or she has such feelings, with their negative consequences, on account of the infringement of that regulation.

Article 82(1) of Regulation 2016/679 must be interpreted as precluding the degree of fault on the part of the controller from being taken into account for the purpose of assessing the compensation for non-material damage payable under that article.

Article 82(1) of Regulation 2016/679 must be interpreted as precluding the fact that the data subject has obtained, under the applicable national law, an injunction to prohibit the reiteration of an infringement of that regulation, enforceable against the controller, from being taken into account in order to reduce the extent of the financial compensation for non-material damage payable under that article or, a fortiori, to replace that compensation.

Judgment of 4 Oct 2024, C-507/23 (Patērētāju tiesību aizsardzības centrs)

  1. Article 82(1) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), read in the light of Article 8(1) of the Charter of Fundamental Rights of the European Union must be interpreted as meaning that an infringement of the provisions of that regulation is not sufficient, in itself, to constitute ‘damage’ within the meaning of Article 82(1).  

Article 82(1) of Regulation 2016/679 must be interpreted as meaning that the making of an apology may constitute sufficient compensation for non-material damage on the basis of that provision, inter alia where it is impossible to restore the situation that existed prior to the occurrence of that damage, provided that that form of redress is such as to compensate in full the damage suffered by the data subject.  

Article 82(1) of Regulation 2016/679 must be interpreted as precluding the taking into account of the attitude and motivation of the controller in order, where relevant, to award compensation to the data subject that is lower than the damage he or she has actually suffered.  

Judgment of 4 Oct 2024, C-200/23 (Agentsia po vpisvaniyata)

Article 82(1) of Regulation 2016/679 must be interpreted as meaning that a loss of control, for a limited period, by the data subject over his or her personal data, on account of those data being made available online to the public, in the commercial register of a Member State, may suffice to cause ‘non-material damage’, provided that that data subject demonstrates that he or she has actually suffered such damage, however minimal, without that concept of ‘non-material damage’ requiring that the existence of additional tangible adverse consequences be demonstrated.  

Article 82(3) of Regulation 2016/679 must be interpreted as meaning that an opinion of the supervisory authority of a Member State, issued on the basis of Article 58(3)(b) of that regulation, is not sufficient to exempt from liability, under Article 82(2) of that regulation, the authority responsible for maintaining the commercial register of that Member State which has the status of ‘controller’, within the meaning of Article 4(7) of that regulation.  

Disclaimer