Brillen Rottler

Request for a preliminary ruling from the Amtsgericht Arnsberg (Germany) lodged on 31 July 2024 – Brillen Rottler GmbH & Co. KG v TC

(Case C-526/24, Brillen Rottler)

Language of the case: German

Referring court

Amtsgericht Arnsberg

Parties to the main proceedings

Applicant: Brillen Rottler GmbH & Co. KG

Defendant: TC

Questions referred

Is the second sentence of Article 12(5) of the General Data Protection Regulation ¹ (GDPR) to be interpreted as meaning there cannot be an excessive information request from the data subject when the first request is made to the controller?

Is the second sentence of Article 12(5) of the GDPR to be interpreted as meaning that the controller can refuse an information request from the data subject if the data subject intends to use the information request to provoke claims for damages against the controller?

Is the second sentence of Article 12(5) of the GDPR to be interpreted as meaning that grounds for refusing to provide information can be provided by publicly available information about the data subject which suggests that the data subject is asserting claims for damages against the controller in a large number of cases of infringement of the law relating to the protection of personal data?

Is Article 4(2) of the GDPR to be interpreted as meaning that an information request from a data subject to the controller pursuant to Article 15(1) of the GDPR and/or a response to that request constitutes processing within the meaning of Article 4(2) of the GDPR?

In view of the first sentence of recital 146 of the GDPR, is Article 82(1) thereof to be interpreted as meaning that only damage which the data subject suffers or has suffered as a result of processing is eligible for compensation? Does this mean that for there to be a claim for damages under Article 82(1) of the GDPR – assuming causal damage to the data subject exists – there must necessarily have been processing of the data subject’s personal data?

If the answer to Question 5 is in the affirmative: Does this mean that the data subject – assuming causal damage exists – has no claim for compensation under Article 82(1) of the GDPR solely on the basis of an infringement of his or her right to information under Article 15(1) of the GDPR?

Is Article 82(1) of the GDPR to be interpreted as meaning that the controller’s objection relating to an abuse of right in relation to an information request from the data subject cannot, in view of EU law, consist in the fact that the data subject brought about processing of his or her personal data solely or inter alia in order to assert claims for damages?

If the answers to Questions 5 and 6 are in the negative: Does the mere loss of control and/or uncertainty about the processing of the data subject’s personal data associated with an infringement of Article 15(1) of the GDPR constitute non-material damage to the data subject within the meaning of Article 82(1) of the GDPR or does it also require a further (objective or subjective) restriction and/or (significant) damage to the data subject?

____________

¹ Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ 2016 L 119, p. 1).