New wave of lawsuits like the diesel?

A lawyer asks at least 500 euros for an unsolicited commercial email, the court refuses. Now the Federal Constitutional Court has intervened against it.

The proceedings concerned a lawyer who received a company email to his professional email address.

Dhe data protection is a minefield for German companies, which in the future could lead to far greater shocks than before. The reason for this is not only fines from data protection authorities, which can more and more often reach millions. Claims for damages can make an even bigger impression, because the Federal Constitutional Court has now given them a boost.

In a recent decision, the constitutional judges in Karlsruhe have now made it clear that German courts are not allowed to reject claims for damages because they only concern minor issues. The European Court of Justice (ECJ) would have to approve this reason for refusal. However, he has not done that yet – and data protection lawyers do not expect him to do so either. On the contrary: With the ruling by the German constitutional judges, the new opportunity for plaintiff lawyers has a new appeal. “A lawsuit industry similar to that of Diesel lawsuits threatens here,” says Frankfurt attorney Tim Wybitul, partner at the law firm Latham & Watkins, who and his colleagues have already defended thousands of such claims on the part of defendant companies.

Damage is not evident

The proceedings concerned a lawyer who received a company email to his professional email address. On the other hand, he sued the Goslar District Court for compensation for pain and suffering: The company should pay him at least 500 euros. In doing so, he relied on Article 82 of the GDPR, the General Data Protection Regulation, which provides for “reasonable compensation for pain and suffering” for culpable violations.

The district court followed the plaintiff in his wish not to be bothered anymore. The company also had to provide information on the extent of the data collection. But the claim for compensation for pain and suffering was rejected because the damage was “not apparent”. It was merely a single advertising e-mail that was sent “not at the wrong time” and that, due to its external appearance, clearly showed that it was advertising and therefore did not require any lengthy consultation.

Significant risks for companies

The decision from Goslar is probably not an isolated case. In similar constellations, many judges are likely to rely on such a justification for reasons of speeding up the process. After the words of warning, this is now at an end until the ECJ pronounces a judgment. “This is associated with significant risks for companies,” warns Wybitul. In recent years, the ECJ has often decided in a very data protection-friendly manner.

The number of complaints is also likely to increase because the scandals surrounding the inadequate handling of customer and consumer data are increasing. With the GDPR, a challenging catalog of duties has emerged for companies, and many negligent users have become significantly more receptive to the subject of data protection – and more willing to complain. This is shown by breaches that have become known at Marriott Hotels, Mastercard or the car rental company Buchbinder, against which consumers are asserting claims. Those who shy away from the cost risk in the event of a defeat in court can turn to a legal tech such as the European Society for Data Protection from Munich – comparable systems were also used intensively in the Diesel lawsuits. After an examination, the platform engages lawyers and, if successful, retains 25 percent of the amount won for the mediation.