Confirmed fines require intent or negligence and can be based on total group turnover.
In UI v Österreichische Post AG (C-300/21), the court held that mere infringement is not enough to warrant compensation; there must be actual damage, though there is no "seriousness" threshold. A later ruling (C-340/21) confirmed that a well-founded fear of data misuse can qualify as non-material damage. Summary Table of Landmark EU Case Laws Relevant Article Key Ruling / Impact Schrems II (C-311/18) Art. 44–46 GDPR Articles With Commentary & EU Case Laws
Invalidated the EU-US Privacy Shield due to US surveillance concerns. (C-21/23) Confirmed fines require intent or negligence and can