Experts: Austrian Post GDPR ruling offers clarity on damages compensation
A decision by Europe’s Supreme Court might make it easier for the bloc’s citizens to bring legal claims for privacy breaches—with potentially unlimited scope for damages.
On May 4, the Court of Justice of the European Union (CJEU) issued its ruling in the case of the Österreichische Post, Austria’s main postal service, which since 2017 had been using an algorithm to determine the political affinities of the country’s population—allegedly without their consent—to help with targeted mail shots during election campaigns. One citizen complained and sought 1,000 euros (U.S. $1,100) in damages.
The Austrian Supreme Court initially questioned whether the General Data Protection Regulation (GDPR) allowed compensation payments for every breach of the rules or if a certain level of “seriousness” needed to be reached first. It also wanted clarity about the size of any damages that could be imposed once these criteria had been satisfied.