BL – CJEU Judgment (Germany, 2024)
CJEU judgment — not a DPA enforcement action
This is a Court of Justice ruling, not an enforcement action by a data protection authority. It is not included in cookie statistics or the Risk Calculator.
The data subject (the claimant) bought a household appliance. To buy it, he entered into a payment contract with Saturn Media Market (the controller). This contract contained the claimant's personal data (first and last name, address, place of residence, employer, income and bank details) and was printed and signed by both the controller and the claimant. The claimant took the appliance and contract to the check-out desk at the Saturn Media Market. A third party slipped past the claimant in the line and was able to collect both the appliance and the contract. An employee at Saturn Media Market realised the mistake and was able to reclaim the appliance and contract within half an hour. There was no evidence that the third party misused the personal data of the claimant.

The controller offered to compensate the complainant for the mistake by sending the appliance free of charge to his house. The claimant refused and requested damages under Article 82(1) GDPR. The claimant brought an action before the Amtsgericht Hagen (Hagen District Court, Germany), seeking compensation for the non-material damage he claimed to have suffered as a result of the error made by Saturn's employees and the risks resulting from the loss of control over his personal data.

The Hagen District Court referred seven questions to the CJEU:

1. Is Article 82 GDPR valid given that the Article itself appears to lack precision as to its legal effects in the event of compensation for non-material damage? As no automatic legal effects are specified, is the compensation rule valid in respect of non-material damage?
2. Does the complainant need to prove, in addition to the unauthorised disclosure to a third party, the existence of a damage?
3. Does the mere fact that printed documents containing personal data have been transmitted without authorisation to a third party, due to an error committed by employees of the controller, establish a breach of the GDPR?
4. Does unintentional disclosure (via a breach
GDPR Articles Cited
Outcome
CJEU Judgment
A judgment by the Court of Justice of the European Union, typically on a preliminary reference from a national court.
Violations (1)
Third-party tracking cookies or scripts are loaded without obtaining prior user consent.
Art. 13, 14 GDPR
Related Cases (0)
No other cases found for BL in DE
This is the only recorded case for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
Judgment Date
25 January 2024
Authority
Court of Justice of the European Union
GDPRhub ID
gdprhub-cjeu-7569
Cite as: Cookie Fines. BL - Germany (2024). Retrieved from cookiefines.eu
Last updated: