Court case 13R3/24t – Court Ruling (Austria, 2025)

The data subject is an individual whose personal data (name, address, date of birth) are stored in the Austrian Central Population Register. The controller is a company responsible for collecting broadcasting fees and is legally allowed to receive population-register data to identify liable fee payers. In May 2020, it became public that a hacker was offering large quantities of Austrian register data for sale. The controller issued a press release informing the public about the incident and clarifying that it was unclear whether the leaked data came from its systems. It also notified the Data Protection Authority (DSB) under Article 33 GDPR, but it did not individually notify potentially affected persons. The data subject did not know in 2020 whether he was affected. In 2023, he learned that his data had indeed appeared in the leaked dataset. To understand what data the controller was processing, he submitted an Article 15 GDPR access request on 4 March 2023. The controller warned of delays due to high workload and ultimately responded only on 24 May 2023. Believing that the controller had exceeded the legal response period, the data subject instructed a lawyer to file a complaint with the DSB. He paid the lawyer €200. He then brought a civil action claiming €200 in material damages for attorney’s fees and €200 in non-material damages arguing that he had to hire a lawyer and since DSB proceedings do not provide cost reimbursement, he considers these expenses a recoverable financial loss under Article 82 GDPR. He further claims that the defendant breached Article 34 GDPR by not notifying him of the 2020 data breach and as a result, he spent around 240 hours dealing with anger, worry, and efforts to obtain withheld information, justifying non-material harm. The first-instance civil court rejected the material-damages claim as inadmissible, holding that administrative procedure costs are normally borne by the parties. It dismissed the non-material-damages claim becaus