Adopted a broad interpretation of health data, including orders for non-prescription medicines. (C-807/21)
Invalidated the EU-US Privacy Shield due to US surveillance concerns. (C-21/23) GDPR Articles With Commentary & EU Case Laws
Anyone who has suffered damage due to a GDPR infringement has the right to receive compensation from the controller or processor. Adopted a broad interpretation of health data, including
In Schrems v Meta (C-446/21), the CJEU emphasized data minimisation , ruling that personal data cannot be processed indefinitely for targeted advertising without strict temporal limits. Article 6: Lawfulness of Processing In Schrems v Meta (C-446/21), the CJEU emphasized
In UI v Österreichische Post AG (C-300/21), the court held that mere infringement is not enough to warrant compensation; there must be actual damage, though there is no "seriousness" threshold. A later ruling (C-340/21) confirmed that a well-founded fear of data misuse can qualify as non-material damage. Summary Table of Landmark EU Case Laws Relevant Article Key Ruling / Impact Schrems II (C-311/18) Art. 44–46
The CJEU ruled in FT v DW (C-307/22) that controllers must provide the first copy of medical records free of charge , regardless of the reason for the request. Article 82: Right to Compensation