CJEU case C‑383/23 ILVA (Fine for an infringement of the GDPR) – CJEU Judgment (Denmark, 2025)
CJEU judgment — not a DPA enforcement action
This is a Court of Justice ruling, not an enforcement action by a data protection authority. It is not included in cookie statistics or the Risk Calculator.
ILVA (the controller) operates a chain of furniture stores and is part of the Lars Larsen Group (the undertaking). The total undertaking's turnover was multiple times higher than that of the controller. The controller is charged before the Danish courts with violating the GDPR in relation to the retention of the data of at least 350,000 former customers. On the recommendation of the Danish DPA, the Public Prosecutor’s Office sought the imposition of a fine of DKK1,500,000 (approximately 201,000€) on the controller. The calculation of that amount was based not only on the turnover of the controller, but also on the overall turnover of the undertaking. The Aarhus District Court (Retten i Aarhus) found that since the charges had been brought only against the controller, it was not necessary to take into account the turnover of the undertaking to determine the amount of the fine. Furthermore, the court noted that the controller was engaged in an independent retail activity and that it had not been set up by the parent company for the sole purpose of processing the undertaking's data. The Public Prosecutor’s Office appealed to the High Court of Western Denmark (Vestre Landsret), which decided to stay the proceedings and to request a preliminary ruling asking in essence, whether Article 83(4) to (6) GDPR, read in the light of Recital 150, must be interpreted as meaning that the term ‘undertaking’ in those provisions corresponds to the concept of ‘undertaking’, within the meaning of Articles 101 and 102 TFEU, with the result that, where a fine for infringement of the GDPR is imposed on a controller which is or forms part of an undertaking, the amount of the fine is to be determined on the basis of a percentage of the undertaking’s total worldwide annual turnover in the preceding business year. The AG emphasised that the notion of “undertaking” has been recently interpreted by the CJEU in C-807/21 Deutsche Wohnen. According to the CJEU, the undertaking should be understoo
GDPR Articles Cited
ILVA (the controller) operates a chain of furniture stores and is part of the Lars Larsen Group (the undertaking). The total undertaking's turnover was multiple times higher than that of the controller. The controller is charged before the Danish courts with violating the GDPR in relation to the retention of the data of at least 350,000 former customers. On the recommendation of the Danish DPA, the Public Prosecutor’s Office sought the imposition of a fine of DKK1,500,000 (approximately 201,000€) on the controller. The calculation of that amount was based not only on the turnover of the controller, but also on the overall turnover of the undertaking. The Aarhus District Court (Retten i Aarhus) found that since the charges had been brought only against the controller, it was not necessary to take into account the turnover of the undertaking to determine the amount of the fine. Furthermore, the court noted that the controller was engaged in an independent retail activity and that it had not been set up by the parent company for the sole purpose of processing the undertaking's data. The Public Prosecutor’s Office appealed to the High Court of Western Denmark (Vestre Landsret), which decided to stay the proceedings and to request a preliminary ruling asking in essence, whether Article 83(4) to (6) GDPR, read in the light of Recital 150, must be interpreted as meaning that the term ‘undertaking’ in those provisions corresponds to the concept of ‘undertaking’, within the meaning of Articles 101 and 102 TFEU, with the result that, where a fine for infringement of the GDPR is imposed on a controller which is or forms part of an undertaking, the amount of the fine is to be determined on the basis of a percentage of the undertaking’s total worldwide annual turnover in the preceding business year. The AG emphasised that the notion of “undertaking” has been recently interpreted by the CJEU in C-807/21 Deutsche Wohnen. According to the CJEU, the undertaking should be understoo
Outcome
CJEU Judgment
A judgment by the Court of Justice of the European Union, typically on a preliminary reference from a national court.
Related Cases (0)
No other cases found for CJEU case C‑383/23 ILVA (Fine for an infringement of the GDPR) in DK
This is the only recorded case for this entity in this jurisdiction.
Details
Judgment Date
13 February 2025
Authority
Court of Justice of the European Union
GDPRhub ID
gdprhub-cjeu-8875About this data
Cite as: Cookie Fines. CJEU case C‑383/23 ILVA (Fine for an infringement of the GDPR) - Denmark (2025). Retrieved from cookiefines.eu
Last updated: