Court case 2 Ca 4416/23 – Court Ruling (Germany, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A German court ruled that a company failed to provide a job applicant with all the information he requested about his application. This matters because it highlights the importance of transparency in handling personal data, especially for businesses that collect information from applicants.
What happened
A job applicant requested information about his application and personal data but received incomplete details.
Who was affected
The job applicant whose application was rejected and sought information from the company.
What the authority found
The court decided that the company did not violate data protection rules but also noted that the applicant could not prove he suffered damages.
Why this matters
This case emphasizes the need for companies to properly fulfill requests for personal data. Businesses should ensure they have clear processes for responding to such requests to avoid potential disputes.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The data subject applied for a job position at the controller. As his application was rejected, the data subject wanted to know the reasons for the rejection and requested from the controller a copy of his personal data under Article 15 GDPR. However, the controller only provided a printout of the stored data to the data subject. Subsequently, the data subject filed a complaint against the controller before the labour court in Düsseldorf ("Arbeitsgericht Düsseldorf"), seeking all information about recipients of his personal data, reasons for rejection of his job application, and a copy of all of his personal data. The data subject also requested €6,000 for non-material damages under Article 82 GDPR. During the course of the proceedings, the first three claims were settled as the controller provided the requested information in the written statement. The monetary compensation was reduced to €2,000. The data subject still claimed non-material damages because the controller failed to provide access under Article 15 GDPR without undue delay and in any event within one month, which resulted in a loss of control over his data. The data subject was also massively annoyed that the controller did not properly fulfil his right to access. The court dismissed the data subject's claim for monetary compensation under Article 82(1) GDPR as he was unable to demonstrate either non-material damage or the causal nexus between the violation of the GDPR and the damage. The court took into account the CJEU judgements in case C-667/21 - Krankenversicherung Nordrhein and C-687/21 - Saturn Electroand held that Article 82(1) GDPR is not about punitive damages for a violation of the GDPR. It merely fulfils a compensatory function as a genuine claim for damages. Therefore, a claim for damages would require a violation of the law as well as damage caused as a result of the violation of the law. Thus, there must also have been negative consequences for the person to claim damages. The court
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Court case 2 Ca 4416/23 in DE
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Court case 2 Ca 4416/23 - Germany (2024). Retrieved from cookiefines.eu
Last updated: