After yesterday’s ECJ ruling on „Österreichische Post“, virtually everything remains unclear for (judicial) practice. The labor and civil courts have not received any useful guidance from the ECJ to separate the chaff (no harm) from the wheat (harm).

Yes, there is no „materiality threshold“. Even „insignificant“ ones have to be compensated according to Art. 82 GDPR. But hand on heart: Who would have seriously expected the ECJ to adopt German case law on damages for pain and suffering and require a „serious“ breach in order for non-material damages to be compensated under Art. 82 GDPR?

And yes, without „damage“ no compensation. The mere data protection breach is not sufficient for damages. But this can – as the ECJ rightly emphasizes – already be inferred from the wording of Art. 82 GDPR and is not really a surprise, even if courts have occasionally overlooked this in the past.

But what is (immaterial) „damage“? If you read para. 50 of the judgment – it talks about „non-material damage within the meaning of Art. 82″ – you might think that the answer comes from the GDPR itself. There, however, one searches in vain for a definition. The ECJ itself does not even hint at what it understands by „damage“. We do know what „immaterial damage“ is not („material“, „economic“, „measurable in money“). However, nobody tells us yet how to recognize an „immaterial damage“. Not even the good old German Civil Code (BGB), which knows individual circumstances in which immaterial damage is compensable (e.g. § 253 para. 2 BGB and § 651 n para. 2 BGB – „vacation enjoyment“), but no definition of which conditions must be fulfilled so that what cannot be measured in money becomes „damage“.

Annoyance about spam mails, discomfort because of a data leak, an uneasy feeling because data has been lost: Is this already a „damage“ or just a „feeling“? People will continue to argue about this question in German labor and civil courts. The ECJ ruling has not provided any clarity and is useless in practice.