Find a lawyerOur capabilitiesYour career
Locations
Our capabilities
News

Select language:

Locations
Our capabilities
News

Select language:

hamburger menu showcase image
  1. Our thinking
  3. Blogs
  5. Technology Quotient
  7. Data and tech: collective actions and mass claims across Europe
2MIN

Data and tech: collective actions and mass claims across Europe

May 8 2024

Actions for non-material damages following (alleged) infringements of the General Data Protection Regulation (GDPR) are increasingly being brought before courts across Europe. But legal requirements for the recognition of non-material damages are still to a large extent unclear. In our new blog post series, we explain the situation in several countries across Europe.

Many claimants request compensation solely based on a mere feeling of discomfort due to, for example, the loss of control over their personal data. In its 4 May 2023 decision (UI v Österreichische Post AG, Case C-300/21), the Court of Justice of the European Union (CJEU) ruled that a mere infringement of the GDPR does not automatically give rise to a right to compensation, but that claimants must prove that they have suffered causal damage resulting from the alleged infringement (see our recent blog). The CJEU does not give further guidance for national courts to determine whether ‘feelings of annoyance or discomfort’ resulting from eg the ‘mere loss of control’ of personal data constitute compensable non-material damage. Hence, the legal requirements for the recognition of non-material damages are still to a large extent unclear.

The procedural possibilities of asserting such mass claims vary from jurisdiction to jurisdiction. While opt-in actions seem to be more widespread in Europe, there are also opt-out actions (eg England, Wales and the Netherlands). In Belgium, the judge will decide if the action will be subject to an opt-in or an opt-out mechanism. 

Further, on 24 December 2020, the EU Representative Actions Directive (EU) 2020/1828 (EU-RAD) came into force, aiming to ensure consumers can protect their collective interests in the EU via representative actions. Legal actions under the EU-RAD must be brought by so-called qualified entities and may lead to an increased collective action risk for companies that fall victim to a data breach affecting numerous people. Additionally, we are seeing mass claims being brought by specialised claims vehicles, often backed by litigation funders.

Please find out more about the situation in Germany, England and Wales, France, the Netherlands, Belgium, Italy and Austria in our blog posts during the next weeks. 

Tags

datadata protectioneuropegdprlitigation

Authors

London

Giles Pratt

Global Head of IP/Data Practice, Global Co-Head of AI
Düsseldorf

Christoph Werkmeister

Global Co-Head of Data/Tech
Frankfurt am Main, Munich

Martin C. Mekat

Partner
London

Rachael Annear

Global Co-Head of Data/Tech
London

Cat Greenwood-Smith

Partner
London

Rhodri Thomas

Partner
Paris, Brussels

Jérôme Philippe

Partner
Amsterdam

Mark Egeler

Partner
Brussels

Satya Staes Polet

Partner
Milan

Giuseppe Curtò

Partner
Latest Insights

Latest Insights

NAVIGATE TO
About usLocations and officesYour careerOur thinkingOur capabilitiesNews
CONNECT
Find a lawyerAlumniContact us
NEED HELP
Fraud and scamsComplaintsTerms and conditions
LEGAL
AccessibilityCookiesLegal noticesTransparency in supply chains statementResponsible procurementPrivacy

Select language:
Select language:
© 2026 Freshfields. Attorney Advertising: prior results do not guarantee a similar outcome