Assessing Non-material Damages under the GDPR: A Review of The Recent Judicial Practice of Germany, UK, and the Netherlands



Data protection, GDPR, Germany, UK, The Netherlands


With the digitalisation of technologies, the issue of the valuation of non-material damages that has long been debated among the courts and scholars is taken more seriously. Although according to the General Data Protection Regulation (GDPR) and its recitals, data controllers are liable for such damages. However, there is inconsistency regarding the interpretation of this instrument, in terms of the scope of damages as well as their assessment. Frustratingly, still, there is no unique rule of compensation laid out for the measurement of non-material damages. Hence, an analysis of the judicial practice of different courts in European countries is important. This Article examines the recent approaches to the valuation of non-material damages under the GDPR, in three European countries, namely, Germany, the UK, and the Netherlands. It pursues to answer the key question that do the courts in these jurisdictions award compensation for non-material damages, and how are these non-pecuniary damages valuated? To answer this question, this article, in two parts, expounds on the concept of non-material damages under the GDPR, and analyses the respective judicial practices of Germany, the UK, and the Netherlands. It concludes that, so far, the approach of the German courts has been unique in the sense of substantiating the broad interpretation of damages in accordance with the GDPR. This legal system has delineated a promising achievement by establishing an implied limitation of liability clause (Lol) which may be equally followed by other European courts.

Author Biographies

Vahid Akefi GHAZIANI, Shahid Beheshti University

BA, LLM, Faculty of Law, Shahid Beheshti University, Tehran, Iran. Attorney at law and Member of Central Bar Association of Iran. Email:; ORCID iD: 0000-0002-4884-1197.

Moosa Akefi GHAZIANI, Payame Noor University (PNU)

Assistant Professor, Department of Law, Payame Noor University (PNU), P.O. Box 19395-4697, Tehran, Iran. Email:; ORCID iD: 0000-0001-8884-0773.

Mohammad Akefi GHAZIANI, University of Qom

PhD student in International Law, Department of International Law, Faculty of Law, University of Qom, Iran. Email:; ORCID iD: 0000-0002-5923-8684. (Corresponding author).


Journal Articles

Breen, Stephen, Ouazzane, Karim, and Patel, Preeti. “GDPR: Is Your Consent Valid?.” Business Information Review 37, no. 1 (2020): 19–24.

Chang, Zen. “Cyberwarfare and International Humanitarian Law.” Creighton International and Comparative Law Journal 9, no. 1 (2017): 29-53.

Hoffmann, Mia, and Nurski, Laura. “What is holding back artificial intelligence adoption in Europe?.” Policy Contribution, no. 24/21 (2021): 1-19.

Lutte, Isabelle. “Defining personal loss after severe brain damage.” Progress in Brain Research 177, (2009): 353-359.

MacMillan, Kate. “Struggling with the GDPR.” Computer Fraud & Security 2019, no. 6 (2019): 20-40.

Owen, David G. “A Punitive Damages Overview: Functions, Problems and Reform.” Villanova Law Review 39, no. 2 (1994): 364-68.

Rietiker, Daniel. “The Principle of ‘Effectiveness’ in the Recent Jurisprudence of the European Court of Human Rights: Its Different Dimensions and Its Consistency with Public International Law – No Need for the Concept of Treaty Sui Generis.” Nordic Journal of International Law 79, no. 2 (2010): 245-277.

Sadiku, Asmir. “Immaterial Damage And Some Types Of Its Compensation.” Prizren Social Science Journal 14, no. 1 (2020): 50-56.

Seo, Junwoo, et al. “An Analysis of Economic Impact on IoT under GDPR.” Mobile Information Systems 2018, no. 6792028 (2018).

Tarrant, John. “Obligations as Property.” UNSW Law Journal 34, no. 2 (2011): 677-695.

W. Franzese, Patrick. “Sovereignty in Cyberspace: Can It Exist?.” The Air Force Law Review; Maxwell AFB 64, (2009): 1-42.


A. Garner, Bryan. Black’s Law Dictionary, Ninth Edition. St. Paul, MN: Thompson West, 2009.

Barr, Warren. Modern Studies in Property Law, Volume 8. United Kingdom: Hart Publishing, 2015.

Berryman, Jeffrey. “Non-Pecuniary Damages in Common Law Canadian Tort Law.” Montreal: Canadian National Judicial Institute, 2014.

D. Solis, Gary. The Law of Armed Conflict: International Humanitarian Law in War, Second Edition. Cambridge: Cambridge University Press, 2016.

George, Alexandra. “The Difficulty of Defining ‘Intellectual Property’.” In Constructing Intellectual Property, edited by Alexandra George, 31-80. Cambridge, Cambridge University Press, 2012.

Gisel, Laurent, and Olejnik, Lukasz. ICRC Expert Meeting 14-16 November 2018- Geneva: The Potential Human Cost of Cyber Operations. Geneva: ICRC, 2018.

Heintschel von Heinegg, Wolff. “Legal Implications of Territorial Sovereignty in Cyberspace.” In 2012 4th International Conference on Cyber Conflict, edited by C. Czosseck, R. Ottis, and K. Ziolkowski, 7-19. Tallinn: NATO CCD COE Publications, 2012.

Hirsch, Susanna. “Children as Victims under Austrian Law.” In Children in Tort Law- Part II: Children as Victims, edited by Miquel Martín-Casals, 7-28. Germany: Springer, 2007.

International Energy Agency. Power systems in transition: Challenges and Opportunities ahead for Electricity Security. Paris: IEA Publications, 2020.

Jakson Heiki, et al. Energy in Irregular Warfare. Lithuania: NATO Energy Security Centre of Excellence, 2017.

Kono, Toshiyuki, and Jurcys, Paulius. “General Report.” In Intellectual Property and Private International Law: Comparative Perspectives, edited by Toshiyuki Kono, 1-216. Oxford: Hart Publishing, 2012.

Law Commission, Damages for Personal Injury: Non-Pecuniary Loss, Law Commission Consultation Paper No 140 (Norwich: HMSO, 1995).

Lynskey, Orla. The Foundations of EU Data Protection Law. Oxford: Oxford University Press, 2015.

Martinelli, Alberto, and Cavalli, Alessandro. European Society. Leiden: Brill, 2020.

Mohebi, Mohsen. “Evaluation of Damages in International Investment Arbitration: Appropriate Method.” In International Law in Motion-Some New Insights, edited by Mohsen Mohebi et al., 131-64. Louvain-la-Neuve: P.U.L., 2020.

Mummery, Sir John. “Property in the Information Age.” In Modern Studies in Property Law, Volume 8, edited by Warren Barr, 3-12. Oxford: Hart Publishing, 2015.

Narayanan, Anu, et al. Deterring Attacks against the Power Grid: Two Approaches for the US Department of Defence. Santa Monica: RAND Corporation, 2020.

Ras, Gabriëlle, van Gerven, Marcel, and Haselager, Pim. “Explanation Methods in Deep Learning: Users, Values, Concerns and Challenges.” In Explainable and Interpretable Models in Computer Vision and Machine Learning, edited by Hugo Jair Escalante et al., 19-36. Switzerland: Springer, 2018.

Roscini, Marco. “World Wide Warfare- Jus ad Bellum and the Use of Cyber Force.” In Max Planck Yearbook of United Nations Law, edited by A. Von Bogdandy and R. Wolfrum, 85-130. The Netherlands: Koninklijke Brill N V, 2010.

Stine, Kevin, et al. Integrating Cybersecurity and Enterprise Risk Management (ERM), NISTIR 8286. U.S.: National Institute of Standards and Technology: U.S. Department of Commerce, 2020.

W. Cox, Edward. The Principles Of Punishment As Applied In The Administration Of The Criminal Law By Judges And Magistrates. London: Law Times Office, 1877.

Wilkinson, Paul. “Terrorism.” In Ideas that Shape Politics, edited by Michael Foley, 189-98. Manchester: Manchester University Press, 1994.

Winiger, Bénédict, et al. Digest of European Tort Law: Volume 2: Essential Cases on Damage. Berlin: Walter de Gruyter, 2011.

Legal Documents

A Claim for Awarding Non-material Damages (Tehran Appeal Court, Case no. 9209970220101702, 1 March 2014).

Amtsgericht Pforzheim Pforzheim Local Court, 13 C 160/19, 25 March 2020.

Annibale Culin v Commission of the European Communities (European Court of Justice, C-343/87, ECLI: EU: C: 1990: 49, 7 February 1990).

Arbeitsgericht Dresden Dresden Labor Court, 13 Ca 1046/20, 26 August 2020.

Arbeitsgericht Düsseldorf Düsseldorf Labor Court, 9 Ca 6557/18, 5 March 2020.

Arbeitsgericht Lübeck Lübeck Labor Court, 1 Ca 538/19, 20 June 2019.

Computer Associates UK Ltd v The Software Incubator Ltd [2018] EWCA Civ 518.

Council of the European Union v Lieva de Nil and Christiane Impens (European Court of Justice, C-259/96 P, ECLI: EU: C: 1998: 224, 14 May 1998).

Darulis v Pennell, No. 17654, 680 N.E.2d 684 (Ohio Ct. App. 1996).

Data Protection Act (25 May 2018).

“Def Lepp Music and Others V. Stuart-Brown and Others,” Reports of Patent, Design and Trade Mark Cases 103, no. 11 (1986): 273–278,

Directive 2004/109/EC of the European Parliament and of the Council of 15 December 2004 on the harmonisation of transparency requirements in relation to information about issuers whose securabouttted to trading on a regulated market and amending Directive 2001/34/EC, OJ L 390/38.

Directive 2006/54/EC of the European Parliament and of the Council of 5 July 2006 on the implementation of the principle of equal opportunities and equal treatment of men and women in matters of employment and occupation (recast), OJ L 204/23.

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and the freaboutsuch data, OJ L 281/31.

European Ombudsman v Claire Staelen (Court of Justice of the European Union, C-337/15 P, ECLI: EU: C: 2017: 256, 4 April 2017).

European Union, Regulation (EU) 2016/679 of the European Parliament and the Council on the protection of natural persons with regard to the processing of personal data and oaboutemeabatementdata, and repealing Directive 95/46/EC (General Data Protection Regulation). 27 April 2016. Available at:

Hofuitspraak zoals weergegeven in HR 15 maart 2019 (Supreme Court of the Netherlands, 17/04668, ECLI: NL: HR: 2019: 376, 15 March 2019).

Hoge Raad (Dutch Supreme Court, ECLI: NL: HR: 2003: AF4606, C01/246HR, 9 May 2003).

Island of Palmas (or Miangas) (Netherlands v United States of America) (Award) (Permanent Court of Arbitration, Case No 1925-01, 4 April 1928).

Johnson v Medical Defence Union [2007] EWCA Civ 262.

Landesarbeitsgericht Köln Regional Labor Court of Cologne, 2 Sa 358/20, 14 September 2020.

Lane v Facebook, Inc, 696 F 3d 811 (9th Cir, 2012).

LG Darmstadt Darmstadt Regional Court, Az 13 O 244/19 (REWIS RS 2020, 4460), May 25, 2020.

Lloyd v Google LLC [2019] EWCA Civ 1599.

Lloyd v Google LLC [2021] UKSC 50.

Mathie v Fries, No. 1274, 121 F.3d 808 (2d Cir. 1997).

Microsoft Corp v AT&T Corp, 550 US 437 (2007).

Murray v Big Pictures (UK) Ltd [2008] EWCA Civ 446.

National Football League v PrimeTime 24 Joint Venture, 211 F 3d 10 (2nd Cir, 2000).

Nautical Data Intl Inc v C-Map USA Inc 2013 FCA 63.

Personal Information Protection Law of the People's Republic of China (adopted 20 August 2021, entered into force 1 November 2021).

UI v Österreichische Post AG, Case C-300/21: Request for a preliminary ruling from the Oberster Gerichtshof (Austria) (12 May 2021), Opinion of Advocate General Campos Snchez-Bordona (6 October 2022).

Vidal-Hall v Google Inc [2015] EWCA Civ 311.

Vienna Convention on the Law of Treaties, 1155 UNTS 331 (adopted 23 May 1969, entered into force 27 January 1980).

Your Response Ltd v Datateam Business Media Ltd 2014 EWCA Civ 281.

Zarcone v Perry, No. 591, Docket 77-7469, 572 F.2d 52 (Second Cir. 1978).

Web Sources

Bureau of Economic and Business Affairs. “2021 Investment Climate Statements: United Kingdom.” US Department of State. Accessed 2 August 2022. Available at:

Davies, Huw, and Wigg, Leonard. “How to Assess Damages for Breaches under the GDPR: A Practical Guide.” Farrar’s Building. Last modified 1 February 2021.

Deutsch-Iranische Industry und Handelskammer. “Iranians are interested in the GDPR.” Last modified 21 August 2019. Available at:

Egeler, Mark, Tadema, Auke-Frank. “Collective actions and non-material damages under the GDPR: is it a match?.” Freshfield Bruckhaus Deringer. Last modified 4 March 2021. Available at:

European External Action Service. “EU Annual Report on Human Rights and Democracy in The World 2021: Country Updates.” Ares (2022)2359912. Adopted 30 March 2022. Available at:

Gabel, Detlev, et al. “Compensating non-material damages based on Article 82 GDPR – is there a de minimis threshold?,” White & Case LLP. Last modified 2 March 2021. Available at:

Hessel, Stefan. “Data protection: Lübeck Labour Court estimates a fine of €1,000 for the illegal use of an employee photo on Facebook.” Linkedin. Last modified 14 January 2020. Available at:

Information Commissioner’s Office. “About the DPA 2018.” Accessed 10 August 2022. Available at:,UK's%20status%20outside%20the%20EU.

Insurance Law Global. “When are you entitled to immaterial compensation under Dutch law?.” Last modified 24 July 2019. Available at:

Jones, Andrew. “How much are personal data breach claims worth?.” Lexology. Last modified 19 April 2021. Available at:

Judemann, Kai. “€1,500 in damages according to GDPR – ArbG Dresden of August 26, 2020, Az. 13 Ca 1046/20.” Judemann Lawyers. Last modified 24 October 2020. Available at:

Latham & Watkins. “GDPR Violations in Germany: Civil Damages Actions on the Rise: Number 2821.” Last modified 18 December 2020. Available at:

Moylan Burke, Lorcan. “European Union: Change Of Approach By Germany To Claims For Non-material Damage Under The GDPR.” Mondaq. Last modified 4 March 2022. Available at:

Werkmeister, Christoph, Roos, Philipp and Hamelin, Annabelle. “Non-material damages and the GDPR – Germany.” Freshfield Bruckhaus Deringer. Last modified 26 August 2021. Available at:

Wex Definitions Team. ”ejusdem generis.” Cornell Law School. Last modified February 2020. Available at:

Xiao, Eva. “China Passes One of the World’s Strictest Data-Privacy Laws.” The Wall Street Journal. Last modified 20 August 2021. Available at:




How to Cite

Akefi GHAZIANI, V., Akefi GHAZIANI, M., & Akefi GHAZIANI, M. (2022). Assessing Non-material Damages under the GDPR: A Review of The Recent Judicial Practice of Germany, UK, and the Netherlands. Revista Jurídica Portucalense, 274–299. Retrieved from



Scientific Research