CJEU case Joined Cases C‑182/22 and C‑189/22 Scalable Capital – CJEU Judgment (European Union, 2024)
CJEU judgment — not a DPA enforcement action
This is a Court of Justice ruling, not an enforcement action by a data protection authority. It is not included in cookie statistics or the Risk Calculator.
Scalable capital (‘controller’) managed a trading application in which the data subject opened accounts and entered personal data to do so. In 2020, their personal data were seized by third parties whose identity remains unknown. According to the controller, those data had not been used fraudulently. The data subjects brought an action before the Amtsgericht München (Local Court, Munich, Germany) seeking compensation for the non-material damage which they claimed to have suffered as a result of the theft of their personal data. The court stayed the proceedings and decided to refer the following questions to the CJEU: # Does the right to compensation under Article 82(1) GDPR, including the determination of the amount of the compensation, have a purely compensatory function, and in some cases a satisfactory function? # Does the right to compensation also have an individual satisfaction function – understood as the private interest of the injured party in seeing the behaviour that caused the damage penalised? When determining the compensation, is additional weight attributed to only deliberate or grossly negligent data protection infringements? # Is the compensation for non-material damages to be determined on the basis of a structural order of precedence which attributes less weight to the detrimental effects of a data infringement than to the detrimental and painful effects associated with a physical injury? # Can a national court only award minimal compensation in the light of the non-serious nature of the damage? # Does identity theft under recital 75 GDPR require the offender to have actually assumed the identity of the data subject, meaning to have somehow impersonated that person, or does the mere possession of such data constitute identity theft? On the first and second questions First, the CJEU pointed out that it has already held that Article 82 GDPR fulfills a function that is compensatory and not punitive (§22 of the Judgement, and See [https://gdprhub
GDPR Articles Cited
Scalable capital (‘controller’) managed a trading application in which the data subject opened accounts and entered personal data to do so. In 2020, their personal data were seized by third parties whose identity remains unknown. According to the controller, those data had not been used fraudulently. The data subjects brought an action before the Amtsgericht München (Local Court, Munich, Germany) seeking compensation for the non-material damage which they claimed to have suffered as a result of the theft of their personal data. The court stayed the proceedings and decided to refer the following questions to the CJEU: # Does the right to compensation under Article 82(1) GDPR, including the determination of the amount of the compensation, have a purely compensatory function, and in some cases a satisfactory function? # Does the right to compensation also have an individual satisfaction function – understood as the private interest of the injured party in seeing the behaviour that caused the damage penalised? When determining the compensation, is additional weight attributed to only deliberate or grossly negligent data protection infringements? # Is the compensation for non-material damages to be determined on the basis of a structural order of precedence which attributes less weight to the detrimental effects of a data infringement than to the detrimental and painful effects associated with a physical injury? # Can a national court only award minimal compensation in the light of the non-serious nature of the damage? # Does identity theft under recital 75 GDPR require the offender to have actually assumed the identity of the data subject, meaning to have somehow impersonated that person, or does the mere possession of such data constitute identity theft? On the first and second questions First, the CJEU pointed out that it has already held that Article 82 GDPR fulfills a function that is compensatory and not punitive (§22 of the Judgement, and See [https://gdprhub
Outcome
CJEU Judgment
A judgment by the Court of Justice of the European Union, typically on a preliminary reference from a national court.
Related Cases (0)
No other cases found for CJEU case Joined Cases C‑182/22 and C‑189/22 Scalable Capital in EU
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. CJEU case Joined Cases C‑182/22 and C‑189/22 Scalable Capital - European Union (2024). Retrieved from cookiefines.eu
Last updated: