BL – CJEU Judgment (Germany, 2024)
CJEU judgment — not a DPA enforcement action
This is a Court of Justice ruling, not an enforcement action by a data protection authority. It is not included in cookie statistics or the Risk Calculator.
The Court of Justice ruled on a case where a person's personal data was mistakenly given to a third party during a shopping transaction. This ruling clarifies that even unintentional data breaches can lead to claims for damages. Businesses must take care to protect customer information during transactions.
What happened
A third party accidentally received a customer's personal data during a purchase at Saturn Media Market.
Who was affected
A customer whose personal data was unintentionally disclosed to a third party.
What the authority found
The Court held that the unauthorized disclosure of personal data, even if unintentional, can be considered a breach of GDPR.
Why this matters
This case highlights the need for businesses to implement strong safeguards during transactions. Small businesses should train employees to handle personal data carefully to avoid potential legal issues.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The data subject (the claimant) bought a household appliance. To buy it he entered into a payment contract with Saturn Media Market (the controller). This contract contained the claimant's personal data (first and last name, address, place of residence, employer, income and bank details) and was printed and signed by both the controller and claimant. The claimant took the appliance and contract to the check-out desk at the Saturn Media Market. A third party slipped past the claimant in the line and was able to collect both the appliance and the contract. An employee at Saturn Media Market realised the mistake and was able to reclaim the appliance and contract within half an hour. There was no evidence that the third party misused the personal data of the claimant. The controller offered to compensate the complainant for the mistake by sending the appliance free of charge to his house. The claimant refused and requested damages under Article 82(1) GDPR. The claimant brought an action before the Amtsgericht Hagen (Hagen District Court, Germany) wanting compensation for the non-material damage he claimed to have suffered as a result of the error made by Saturn's employees and the risks resulting from the loss of control over his personal data. The Hagen District Court referred seven questions to the CJEU: # Is Article 82 GDPR valid given that the Article itself appears to to lack precision as to its legal effects in the event of compensation for non-material damage. As no automatic legal effects are specified, is the compensation rule is valid in respect of non-material damage? # Does the complainant need to prove, in addition to the unathorised disclosure to a third party, the existence of a damage? # Does the mere fact that printed documents containing personal data that have been transmitted without authorisation to a third party due to an error committed by employees of the controller, establish a breach of the GDPR? # Does unintenional disclosure (via a breach
Outcome
CJEU Judgment
A judgment by the Court of Justice of the European Union, typically on a preliminary reference from a national court.
Violations (1)
Third-party tracking cookies or scripts are loaded without obtaining prior user consent.
Art. 13, 14 GDPR
Related Cases (0)
No other cases found for BL in DE
This is the only recorded case for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
Judgment Date
25 January 2024
Authority
Court of Justice of the European Union
GDPRhub ID
gdprhub-cjeu-7569About this data
Cite as: Cookie Fines. BL - Germany (2024). Retrieved from cookiefines.eu
Last updated: