Compensation Mechanisms and Remedies under DSA

Article 54

Schadevergoeding

Article 54

Compensation

Article 75

Enhanced supervision of remedies to address infringements of obligations laid down in Section 5 of Chapter III

Recital 64

Recital 121

Article 75

Verscherpt toezicht op remedies ter bestrijding van inbreuken op in hoofdstuk III, afdeling 5 vastgelegde verplichtingen

Recital 64

Recital 121

Rechtbank Den Haag - recht op schadevergoeding en aansprakelijkheid - C/09/608204 / HA RK 21-96

Rechtbank Den Haag - Civiel recht

Verzoek tot ongedaanmaking registratie in incidentenregister en EVR. Staat in voldoende mate vast dat verzoeker tegenover de verzekeraar opzettelijk onjuist heeft verklaard over de omvang van de schade?Verzoeken tot vergoeding van immateriële schade en overgaan tot uitkering zijn niet-ontvankelijk. Dit zijn vorderingen, en de procedure van art. 35 UAVG is beperkt tot het toe- of afwijzen van verzoeken o.g.v. art. 15 t/m 22 AVG.

Rechtbank Rotterdam - recht op schadevergoeding en aansprakelijkheid - ROT 20/3286

Rechtbank Rotterdam - Bestuursrecht

Naar het oordeel van de rechtbank heeft verzoekster recht op toekenning van een vergoeding voor immateriële schade nu verweerder door het bewaren en verwerken van de rapporten met persoonlijke gegevens van verzoekster in strijd heeft gehandeld met de AVG en daardoor het recht op eerbiediging van de persoonlijke levenssfeer van verzoekster heeft geschonden. Ten aanzien van de hoogte van de vast te stellen schadevergoeding is van belang dat de privacygevoelige persoonsgegevens gedurende een period

Raad van State - recht op schadevergoeding en aansprakelijkheid - 201907720/1/A3

Raad van State - Bestuursrecht

Bij besluit van 19 september 2017 heeft het college van burgemeester en wethouders van Heemskerk het verzoek van [appellant sub 1] om inzage in zijn persoonsgegevens buiten behandeling gesteld. [appellant sub 1] heeft op 30 juli 2017 verzocht om inzage in de verwerking van zijn persoonsgegevens als bedoeld in artikel 35 van de Wbp. Volgens [appellant sub 1] zijn zijn persoonsgegevens onder meer verwerkt voor een eerder ingediend verzoek op grond van de Wet openbaarheid van bestuur. Hij heeft ook

Data Protection Commissioner v. Facebook Ireland Ltd, and Maximillian Schrems

Schrems II

“although not requiring a third country to ensure a level of protection identical to that guaranteed in the EU legal order, the term ‘adequate level of protection’ must […] be understood as requiring the third country in fact to ensure, by reason of its domestic law or its international commitments, a level of protection of fundamental rights and freedoms that is essentially equivalent to that guaranteed within the European Union by virtue of the regulation, read in the light of the Charter.

Rechtbank Amsterdam - recht op schadevergoeding en aansprakelijkheid - C/13/677172 / HA RK 19-435

Rechtbank Amsterdam - Civiel recht

AVG rekest.Verzoek verwijdering persoonsgegevens en materiële en immateriële schadevergoeding ex art. 82 AVG ogv onrechtmatige verwerking persoonsgegevens.Geen belang meer bij verwijderingsverzoek wegens minnelijke regeling. Afwijzing schadevergoeding.

Peter Puškár v Finančné riaditeľstvo Slovenskej republiky and Kriminálny úrad finančnej správy

Puškár

Right to Adequate Legal Remedy: Making the admissibility of a legal action brought by a person alleging infringement of his right to data protection subject to the prior exhaustion of the administrative remedies available does not violate Article 47 of the Charter of Fundamental Rights of the EU “provided that the practical arrangements for the exercise of such remedies do not disproportionately affect the right to an effective remedy before a court referred to in that article.” It is important,

Data Protection Commissioner v. Schrems and Facebook

Schrems I

Necessity/proportionality: The Decision does not contain any finding regarding US rules intended to limit the interference when they pursue legitimate objectives such as national security, nor refer to effective legal protection against such interference. FTC procedures and private dispute resolution mechanisms concern compliance with safe harbor principles (against US organizations) and cannot be applied with respect to measures originating from the State. Moreover, the Commission found that if

COLLEGE VAN BURGEMEESTER EN WETHOUDERS VAN ROTTERDAM V. RIJKEBOER, 7.5.2009 (“RIJKEBOER”)

Rijkeboer

Right of Access: Rules limiting the storage of information on the recipients or categories of recipient of personal data and on the content of the data disclosed to a period of one year and correspondingly limiting access to that information, while basic data is stored for a much longer period, do not constitute a fair balance of the interest and obligation at issue, unless it can be shown that longer storage of that information would constitute an excessive burden on the controller (determinati

Rechtbank 's-Gravenhage - recht op schadevergoeding en aansprakelijkheid - KG 07/1158

Rechtbank 's-Gravenhage - Civiel recht

Internetpublicaties waarin medewerker van Vodafone wordt beschuldigd van onder meer leugens. Hierbij heeft gedaagde - opzettelijk - vaak haar naam genoemd, zodat haar naam op Google direct met de beschuldigingen in verband wordt gebracht. Schending recht op bescherming persoonlijke levenssfeer. Aannemelijk dat reputatieschade is geleden. Voorschot op vergoeding van immateriële schade.

NIKOLAOU V. COMMISSION

Nikolaou

Non-contractual liability under EU law: The normal rule is that the burden of proof is on the applicant to establish: i) the illegal action of a EU institution; ii) damages; iii) proof that the damages were caused by the illegal action of the institution. However, the burden of proof shifts to the institution when a fact giving rise to damages could have resulted from various causes, and the institution has not introduced any element of proof as to which was the true cause, even though it was be

Gerechtshof 's-Gravenhage - recht op schadevergoeding en aansprakelijkheid - C05/907

Gerechtshof 's-Gravenhage - Civiel recht

Is werkgever aansprakelijk ex 7:658 wegens psychische schade/stress?

Rechtbank Amsterdam - recht op schadevergoeding en aansprakelijkheid - KG 04/1566 SR

Rechtbank Amsterdam - Civiel recht

In de onderhavige zaak heeft de voorzieningenrechter bepaald dat het ophangen van een foto van een 79-jarige mevrouw in strijd is met artikel 21 van de Auteurswet

VERSIEGESCHIEDENIS

binding corporate rules voor verwerkingsverantwoordelijken

Versiegeschiedenis

Richtsnoeren 04/2021 voor gedragscodes als instrumenten voor doorgifte

Volgens artikel 46 van de AVG moeten verwerkingsverantwoordelijken/verwerkers passende waarborgen bieden voor de doorgifte van persoonsgegevens aan derde landen of internationale organisaties. Daarom worden in de AVG de verschillende passende waarborgen aangegeven die organisaties op grond van artikel 46 kunnen gebruiken voor doorgiften aan derde landen, onder meer door gedragscodes in te voeren als nieuw doorgiftemechanisme (artikel 40, lid 3, en artikel 46, lid 2, punt ...

Guidelines 04/2021 on Codes of Conduct as tools for transfers

Guidelines on codes of conduct and monitoring bodies

The GDPR requires in its Article 46 that controllers/processors shall put in place appropriate safeguards for transfers of personal data to third countries or international organisations. To that end, the GDPR diversifies the appropriate safeguards that may be used by organisations under Article 46 for framing transfers to third countries by introducing amongst others, codes of conduct as a new transfer mechanism (articles 40-3 and 46-2-e). In this respect, as provi...

Guidelines 03/2021 on the application of Article 65(1)(a) GDPR

Guidelines on the application of Article 60 GDPR

Richtsnoeren 07/2022 voor certificering als doorgifte-instrument

guidelines certificering

Op grond van artikel 46 van de algemene verordening gegevensbescherming (AVG) moeten gegevensexporteurs passende waarborgen bieden voor de doorgifte van persoonsgegevens aan derde landen of internationale organisaties. Daarom worden in de AVG de verschillende passende waarborgen aangegeven die gegevensexporteurs overeenkomstig artikel 46 kunnen gebruiken als kader voor de doorgifte aan derde landen, onder meer door certificering in te voeren als nieuw doorgiftemechanisme (artikel 42, lid 2, en a...

Guidelines 01/2021

Guidelines on Examples regarding Personal Data Breach Notification

Version history

Guidelines on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies

Guidelines 1/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016/679

Guidelines on codes of conduct and monitoring bodies

Guidelines 01/2022 on data subject rights - Right of access

Guidelines on data subject rights - Right of access

The right of access of data subjects is enshrined in Art. 8 of the EU Charter of Fundamental Rights. It has been a part of the European data protection legal framework since its beginning and is now further developed by more specified and precise rules in Art. 15 GDPR.

Guidelines 3/2019 on processing of personal data through video devices

Guidelines on processing of personal data through video devices

Guidelines 10/2020 on restrictions under Article 23 GDPR

Guidelines on restrictions under Article 23 GDPR

Version history

Guidelines on the accreditation of certification bodies

Richtsnoeren 07/2022 voor certificering als doorgifte-instrument

Op grond van artikel 46 van de algemene verordening gegevensbescherming (AVG) moeten gegevensexporteurs passende waarborgen bieden voor de doorgifte van persoonsgegevens aan derde landen of internationale organisaties. Daarom worden in de AVG de verschillende passende waarborgen aangegeven die gegevensexporteurs overeenkomstig artikel 46 kunnen gebruiken als kader voor de doorgifte aan derde landen, onder meer door certificering in te voeren als nieuw doorgiftemechanisme (artikel 42, lid 2, en a...

Guidelines 07/2022 on certification as a tool for transfers

Guidelines on certification and identifying certification criteria

The GDPR requires in its Article 46 that data exporters shall put in place appropriate safeguards for transfers of personal data to third countries or international organisations. To that end, the GDPR diversifies the appropriate safeguards that may be used by data exporters under Article 46 for framing transfers to third countries by introducing, amongst others, certification as a new transfer mechanism (Articles 42 (2) and 46 (2) (f) GDPR). These guidelines provide guidance as to the applicati...

Guidelines 02/2022 on the application of Article 60 GDPR

Guidelines on the application of Article 60 GDPR

With the introduction of the GDPR, the concept of the one-stop shop was established as one of the main innovations. In cross-border processing cases, the supervisory authority in the Member State of the controller's or processor's main establishment is the authority leading the enforcement of the GDPR for the respective cross-border processing activities, in cooperation with all the authorities which may face the effects of the processing activities at stake: be it through the establishments ...

Guidelines 04/2022 on the calculation of administrative fines under the GDPR

Guidelines on the calculation of administrative fines under the GDPR

The European Data Protection Board (EDPB) has adopted these guidelines to harmonise the methodology supervisory authorities use when calculating of the amount of the fine. These Guidelines complement the previously adopted Guidelines on the application and setting of administrative fines for the purpose of the Regulation 2016/679 (WP253), which focus on the circumstances in which to impose a fine. The calculation of the amount of the fine is at the discretion of the supervisory authority, ...

Guidelines 06/2022 on the practical implementation of amicable settlements

Guidelines on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects

Richtsnoeren 10/2020 met betrekking tot de beperkingen krachtens artikel 23 AVG

guidelines beperkingen rechten van betrokkenen

Versiegeschiedenis

guidelines doorgifte van persoonsgegevens tussen overheidsinstanties en -organen binnen en buiten de EER

OGS Zagreb - Pn-877/2023-29

English Summary }}}} A court awarded €3,000 to a data subject after finding a news portal violated her privacy under [[Article 5 GDPR]] by publishing her personal data unnecessarily and disproportionately, despite claims of public interest.A court awarded €3,000 in damages to a data subject after finding that a news portal violated her right to privacy by publishing her personal data unnecessarily and disproportionately in two articles, despite the controller’s claims of public interest. == Engl

OLG Bamberg - 10 U 61/25 e

Holding }}}} The court held that the mere automated creation of a score value does not trigger [[Article 22 GDPR|Article 22 GDPR]] unless it directly leads to a legally or similarly significant decision about the data subject.The court held that the mere automated creation of a score value does not trigger [[Article 22 GDPR]] unless it directly leads to a legally or similarly significant decision about the data subject. == English Summary ==== English Summary == The data subject brought multiple

OGS Zagreb - Pn-877/2023-29

Facts The first article reported on payments related to the football club Dinamo Zagreb and included the data subject’s full name, bank account number, and payment amounts. The second article referred to the first article via a hyperlink but did not mention the data subject directly.The first article reported on payments related to the football club Dinamo Zagreb and included the data subject’s full name, bank account number, and payment amounts. The second article referred to the first article

OLG Bamberg - 10 U 61/25 e

}}}} The court held that the mere automated creation of a score value does not trigger [[Article 22 GDPR]] unless it directly leads to a legally or similarly significant decision about the data subject.A court held that the mere automated creation of a score value by a credit information agency does not trigger [[Article 22 GDPR]] unless it directly leads to a legally or similarly significant decision concerning the the data subject. == English Summary ==== English Summary == === Facts ====== Fa

Protecting Our Right to Sue Federal Agents Who Violate the Constitution

Federal agencies like Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP) have descended into utter lawlessness, most recently in Minnesota. The violence is shocking. So are the intrusions on digital rights. For example, we have a First Amendment right to record on-duty police, including ICE and CBP, but federal agents are violating this right. Indeed, Alex Pretti was exercising this right shortly before federal agents shot and killed him. So were the many people wh

Statutory Damages: The Fuel of Copyright-based Censorship

We're taking part in Copyright Week, a series of actions and discussions supporting key principles that should guide copyright policy. Every day this week, various groups are taking on different elements of copyright law and policy, and addressing what's at stake, and what we need to do to make sure that copyright promotes creativity and innovation. Imagine every post online came with a bounty of up to $150,000 paid to anyone who finds it violates opaque government rules—all out of the

OLG Frankfurt am Main - 6 U 81/23

|Court_Original_Name=Oberlandesgericht Frankfurt am Main|Court_Original_Name=Oberlandesgericht Frankfurt am Main |Court_English_Name=Higher Regional Court Frankfurt am Main|Court_English_Name=Higher Regional Court Frankfurt am Main |Court_With_Country=OLG Frankfurt am Main (Germany)|Court_With_Country=OLG Frankfurt (Germany) |Case_Number_Name=6 U 81/23|Case_Number_Name=6 U 81/23 |Party_Link_2=|Party_Link_2= |Appeal_From_Body=LG Frankfurt am Main (Germany)|Appeal_From_Body=LG Frankfurt (Germany)

OLG Frankfurt am Main - 6 U 81/23

}}}} The Court awarded €100 in non-material damages for the storage and processing of cookies without the data subject’s consent. Although the infringement was considered minor, and the data subject suffered no loss of control over his data, the court held that the feeling of being monitored constituted non-material damage.A Court awarded €100 in non-material damages for the storage and processing of cookies without the data subject’s consent. Although the infringement was considered minor, and

OLG Braunschweig - Az.: 2 U 71/24

}}}} The Court awarded €100 in non-material damages following a large-scale scraping incident affecting a social network. Although the impairment was considered minor, the Court held that the unauthorised linking and public dissemination of the data subject’s telephone number with other profile data resulted in a loss of control over personal data, which in itself constituted compensable non-material damage.A Court awarded €100 in non-material damages following a large-scale scraping incident af

OGS Zagreb - Pn-1378/2023-18

English Summary }}}} A court awarded €3,500 to a data subject after a bank mistakenly sent her financial data to another client, finding that the disclosure unlawfully violated her right to privacy and caused non-material harm.A court awarded €3,500 to a data subject after a bank mistakenly sent her financial data to another client, finding that the disclosure unlawfully violated her right to privacy and caused non-material damages. == English Summary ==== English Summary == === Holding ====== H

Procurement dispute: estoppel allowed

> Procurement. Claim for damages against contracting authority. Reliance on estoppel succeeds. Plaintiff did not challenge the award decision in interlocutory proceedings within 20 days. Pursuant to the tender conditions, she thereby also processed her right to damages. Applying this sunset clause here is not unreasonable or disproportionate. (Machine translated)

"Amsterdam Court of Appeal: Dissolution due to disrupted employment relationship and justified complaints of privacy violations"

> Dissolution because of a disturbed employment relationship, serious culpability of the employer because of insufficient reintegration in the first track and justified complaints of the employee about violation of privacy. Regarding the amount of the fair compensation, it was considered that hardly any relevant income loss had been suffered because the employee had been unfit for work for a long time and the end of the waiting period had... (Machine translated)

“Social media profiles and phone contacts” used as proof of identity for deportations

> Thirteen non-EU countries sometimes accept “social media profiles and phone contacts” as evidence of identity for the purpose of deportations, according to an internal European Commission assessment of third country cooperation on readmission.

Is the new ICT vendor liable for loss of data from old ICT environment?

District Court of North Holland February 15, 2023, IT 4241; ECLI:NL:RBNHO:2023:2471 (Pit v. OfficeGrip Holding c.s.) This case deals with the question of whether a new ICT supplier is liable for damages resulting from the loss of data from its client's old ICT environment. The court held that the agreement between the client and the new ICT supplier was aimed at setting up a new ICT environment and managing it. It had not been agreed that the new supplier was responsible for managing the old ICT

"Dutch District Court awards billijke vergoeding for employee's privacy breach"

Fair compensation after dissolution by subdistrict court. The court held that the employer had acted seriously culpable by seriously violating the employee's privacy, not being honest with the employee about it, and avoiding all communication with the employee. As a result, the employment relationship was disrupted. Estimate fair compensation, difference hypothet...

The Impact of Anonymizing Suspect Names in Court Rulings: Privacy, GDPR, and Compensation for Psychological Harm.

anonymizing defendant's name in judgment, GDPR, invasion of privacy, intangible damages

An analysis of Dutch case law: what factors play a role in awarding (or not) and determining the extent of damages under the GDPR?

Since May 2018, the GDPR has been directly applicable in the European Economic Area, including the member states of the European Union, Liechtenstein, Norway, and Iceland. Four years later, awarding damages for GDPR violations is still not a common practice in the Netherlands, despite the fact that news reports regularly mention data breaches and other GDPR violations. This article analyzes Dutch case law over the past four years to see what factors may influence the awarding of damages under th

Privacy activists warn against removing compensation for data protection breaches

> The Advocate General of the Court of Justice of the European Union (CJEU) issued a non-binding opinion, which privacy advocates fear could further limit users’ possibilities to enforce their privacy rights under the GDPR. > According to [the opinion](https://curia.europa.eu/juris/document/document.jsf;jsessionid=79F0B703F7CD84C2DE01BF340FD03C29?text=&docid=266842&pageIndex=0&doclang=en&mode=lst&dir=&occ=first&part=1&cid=244110) delivered last week, Europeans would hardly get compensated if t

Dirkzwager: ABRvS geeft uitleg aan het AVG-begrip "de instelling, uitoefening of onderbouwing van een rechtsvordering"

> Privacybescherming is niet absoluut. Dat staat zelfs letterlijk zo in de privacywetgeving. De AVG bevat daarom ook allerlei uitzonderingen. Een van de uitzonderingen die enkele keren terugkomt in de AVG ziet op de verwerking van persoonsgegevens in het kader van "de instelling, uitoefening of onderbouwing van een rechtsvordering". Tot op heden was echter niet heel erg duidelijk wat die woorden nu precies betekenen. Een recente uitspraak van de Afdeling bestuursrechtspraak van de Raad van State

European Commission introduces AI liability redress proposal

> The European Commission adopted a proposal for harmonizing rules around consumer redress in the Artificial Intelligence Liability Directive. The proposed rules will allow consumers to bring claims for damages "caused due to wrongful behaviour" with AI technologies. The Commission said the basis for claims could include "breaches of privacy, or damages caused by safety issues," while also noting claims can be brought "if someone has been discriminated in a recruitment process involving AI techn