Court case 201905087/1/A2 – Court Ruling (Netherlands, 2020)

The Dutch Council of State ruled on a claim for damages filed by a citizen whose data (name and address) were communicated via email between local authorities. This communication was intended to exchange data between municipalities to prevent abuse of the Public Administration Act when several requests for access to documents were made by the same applicant. The Council of State had to determine whether the processing of information by the local authorities had a legal ground under Article 6 of the GDPR, and whether such a violation would entitle the claimant to a compensation for moral damage. The lower court already recognized that the communication of the residence of the applicant was violating the principle of data minimization. However, regarding the claim for damages, the CoS notes that though Article 82(1) of the GDPR states that full compensation for actual non-material damage resulting from breaches of the GDPR must take place in a manner that does justice to the objectives of the Regulation, the GDPR does not specify how the non-material damage is to be determined and calculated. However, the Court of Justice has consistently held that the damage to be compensated must be real and certain. In this case, the CoS considers that the appellant does not bring the prove of his/her actual damage caused by the violation. The fact that an infringement of the AVG may result in material or immaterial damage and that a person concerned must receive full and actual compensation for the damage he has suffered does not mean that a breach of the AVG by definition results in damage and that damage must not have been 'real and certain'.