2,500 euros in damages for data protection breach legally effective – Scalable Capital withdraws appeal against Munich Regional Court ruling
Munich, August 16, 2022. EuGD Europäische Gesellschaft für Datenschutz mbH (https://eugd.org) has achieved another success in a model case against FinTech company Scalable Capital: Scalable Capital has withdrawn its appeal against the verdict of the Munich Regional Court of December 2021 „for strategic reasons“.
A consumer supported by EuGD was awarded damages of 2,500 euros by the Munich Higher Regional Court for non-material damage caused by a data leak at Scalable Capital. This means that the ruling of the Munich Regional Court from last year is legally binding. Probably for the first time in Europe, a person affected by a data leak is now legally awarded damages pursuant to Art. 82 GDPR.
„EuGD has now obtained a legally binding damages judgment for a data leak in a first sample case. Hopefully, this will encourage more consumers to claim their rights. The withdrawal of the appeal suggests that Scalable Capital no longer wants to dispute the breach itself, but only the amount of damages. We will continue to support those affected on the path to damages and take appropriate steps“ explains Thomas Bindl, founder of EuGD.
EuGD lawsuit exposes blatant data protection failures – other courts join in
In the data leak, user data records had been stolen from Scalable Capital’s systems, in part with address and ID data, but also tax and account information of more than 33,000 people, including those of the plaintiff, and in part made accessible to third parties. In the course of the proceedings, it became apparent that due to a hacking attack at a former service provider of Scalable Capital, a security flaw had occurred in the access to the cloud environment of the FinTech company. The Regional Court considered this security flaw to be avoidable and thus a breach of the GDPR and awarded the plaintiff non-material damages due to the loss of control over his personal identity and financial data. In the meantime, the Regional Courts of Cologne and Stuttgart have also adopted this view and awarded affected parties damages of 1,200 euros each in other proceedings against Scalable Capital.
Attorney Dr. Diana Ettig of Spirit Legal, who represented the plaintiff in court, comments: „Even if this decision has no binding effect on other proceedings, it sends a signal: Until now, German courts have been rather reluctant to award compensation for immaterial damages. This has now changed, especially since the Higher Regional Court indicated at the hearing that it might also decide the appeal in favor of the plaintiff and that it was considering allowing an appeal to the German Federal Court of Justice. However, this has now become obsolete.“
Peter Hense, partner at the law firm Spirit Legal, adds, „Anyone who negligently handles customer data and thereby opens the door to criminals must expect four-digit damages – per affected person. This makes it clear that investments to protect user data for companies – especially in an area as sensitive as the financial sector – can no longer be an arithmetic exercise, but a clear necessity.“
About EuGD
EuGD Europäische Gesellschaft für Datenschutz mbH (EuGD), founded in February 2019, is the operator of the eponymous portal EuGD.org, which supports consumers in the enforcement of legal claims arising from violations of the GDPR. The Munich-based company is already helping several thousand consumers to claim damages without any cost risk to themselves. Currently, with EuGD’s support, more than a dozen legal proceedings are underway in Germany against companies such as Amazon, Scalable Capital and Facebook before regional and higher regional courts and the Federal Court of Justice. In addition there are pending cases before the German Federal Constitutional Court and the General Court of the European Union.
Further information at https://eugd.org
Images:
Dr. Diana Ettig (Spirit Legal)
Peter Hense (Spirit Legal)