In October 2020, the digital asset manager Scalable Capital from Munich had to admit that unauthorized persons had gained access to the data of more than 33,000 active and previous customers.
This data protection incident could have costly consequences for the online broker.
In a pilot lawsuit, a customer concerned at the time before the Munich District Court I for the first time fought for damages in the amount of 2,500 euros.
Marcus Jung
Editor in business.
Follow I follow
In the judgment of December 9th, which is available to the FAZ, the 31st Civil Chamber affirmed an identity theft according to "scope and type of stolen data", which entitles the holder to claim damages under Article 82 of the General Data Protection Regulation (GDPR).
In the event of culpable violations, this grants those affected an “appropriate compensation for pain and suffering”.
In addition, Scalable must compensate the plaintiff for any future material damage resulting from the data theft.
The judgment is not yet final (Ref .: 31 O 16606/20).
Liability after data protection violations
"The ruling sends a clear signal to consumers: They now know that they can enforce the rights that the GDPR gives them," says Thomas Bindl, founder of the European Society for Data Protection (EuGD), who is accompanying the process as a legal service provider has. As far as is known, it is one of the very few judgments that allow a consumer or customer such an immaterial claim for damages. In March 2021, the Münster Labor Court affirmed this in the case of images of an employee being used for marketing purposes without her consent. And anyone who receives advertising emails without having given their consent beforehand can, according to the district court of Pfaffenhofen, demand up to 300 euros from the sender because of the unlawful data processing.
From a company's point of view, the Scalable case may be explosive because the data leak could cause many potential claimants to sue for a data protection breach - even if the principle of a class action based on the Anglo-American model is not possible in this country.
In a statement, the online broker announced that they took note of the decision.
"In terms of content, Scalable considers the regional court decision of the individual case in question to be incorrect for several reasons and will therefore have this decision reviewed in full by the court," the statement said.
In addition, one did not want to comment on the details in ongoing proceedings.
In the past, EuGD and another legal service provider, Kleinfee from Düsseldorf, announced numerous claims for damages due to the data theft at Scalable.
The EuGD promises four-digit claims to those affected and, in the event of success, retains 25 percent of the amount won.
According to the Munich judiciary, no further lawsuits are pending against the asset manager.
For the debt collection service provider from Munich, Scalable is the second major dispute alongside the lawsuits against Mastercard.
According to reports, 2000 victims are making claims against the credit card company via the portal.
An appeal is now pending at the Federal Court of Justice.