Germany: Federal Labor Court on non-pecuniary damages pursuant to Art. 82 GDPR

In a highly regarded judgment (Federal Labor Court (FLC), judgment of February 20, 2025, 8 AZR 61/24) concerning a claim for damages for non-pecuniary pursuant to Art. 82 (1) GDPR in connection with the right to information under Art. 15 GDPR, clarifying its case law to the effect that merely invoking a “negative emotional state” is not sufficient to assume a loss of control over personal data and thus non-pecuniary damage within the meaning of Art. 82 (1) GDPR. A compensable loss of control requires a judicially reviewable, well-founded fear of data misuse.

The Core

Just under four years after leaving his employment, the plaintiff requested information about the processing of his personal data in accordance with Art. 15 (1) and (3) GDPR. However, the defendant did not adequately comply with his request, as assessed by the plaintiff, whereupon the plaintiff claimed “monetary compensation” under Article 82 (1) GDPR. The “significant degree of concern about the fate of his data” expressed by the plaintiff in the present case, fear of his data being “misused” and being “annoyed” by the effort involved in pursuing legal action in connection with the right to information under Art. 15 GDPR is not sufficient to justify a claim for damages under Article 82 (1) GDPR. Although concern about data misuse may constitute non-pecuniary damage within the meaning of Art. 82 (1) GDPR, the mere expression of such fears is generally not sufficient to establish damage. Rather, a measurable and objectifiable statement of the damage incurred is required (FLC, judgment of July 25, 2024, 8 AZR 225/23, para. 33; judgment of June 20, 2024, 8 AZR 124/23, para. 15). In addition, the Senate confirmed its case law on the burden of proof and presentation of evidence by the data subject regarding damage suffered by him and a violation of the GDPR by the employer (ECJ, judgment of April 11, 2024 – C-741/21, para. 35; judgment of January 25, 2024 – C-687/21 para. 60 et seq. [MediaMarktSaturn]; FLC, judgment of June 20, 2024, 8 AZR 124/23 para. 13).

The decision

It is striking that the FLC assesses this legal issue differently from the Federal Court of Justice (BGH) in comparable cases (landmark judgment on so-called scraping BGH, judgment of November 18, 2024, Ref. VI ZR 10/24; judgment of February 11, 2025, Ref. VI ZR 365/22). The BGH already assumes liability-triggering non-pecuniary under Art. 82 (1) GDPR in the event of an alleged loss of control over one's own data, without imposing any further requirements regarding objectivity or judicial measurability. The current divergence between the two federal courts on this issue creates a legal situation that offers scope for strategic considerations regarding the choice of jurisdiction. In labor court proceedings, employees will now find it more difficult to claim damages from their employers for GDPR violations. Employers are thus better protected against “blanket claims for damages” and abuse by “GDPR hoppers.” Plaintiffs before the general civil courts, on the other hand, can sue for non-pecuniary damages much more easily. Therefore, it may be advisable for employers in a corresponding legal dispute to challenge the jurisdiction of civil courts and request referral to the labor court. This is particularly relevant in cases of serious data protection violations such as data leaks and scraping, where companies face significantly higher liability risks. The BGH judgment thus creates significantly more consumer-friendly legal protection for data subjects outside of employment relationships in the event of data protection violations.

Practical Tips Advice

Employers should establish clear internal processes for requests for information under Art. 15 GDPR and document the processing steps to avoid delays in responding. Proactive communication with comprehensible explanations is also crucial.

Further information can be found on the website of the Federal Labor Court.