The European Court of Justice (ECJ) has ruled that there is no minimum for immaterial damage in the event of violations of the General Data Protection Regulation (GDPR). This statement is a setback for many tech companies, as the GDPR legislation, introduced in 2018, requires companies to clearly indicate that they are collecting data from a user and to ask for permission. Companies that fail to comply with these regulations can face hefty fines. The ECJ’s ruling means that each member state can independently determine the severity of a GDPR breach and whether an alleged victim is entitled to a claim for damages. Peter Church, a lawyer at London-based Linklaters LLP, commented that the decision could lead to frivolous and vexatious claims, as well as large class actions in the event of a data breach.
