Munich-based digital asset manager Scalable Capital must pay its customers damages of 2,500 euros following a breach of the GDPR and an associated data protection breach.
Scalable Capital ordered to pay damages
A breach of the GDPR can be expensive, as the Munich-based asset manager Scalable Capital has now had to find out for itself. According to its own information, the company currently manages around 10 million euros in money from 600,000 customers.
In October 2020, the company had to admit to a data leak in which unauthorized persons were able to gain access to personal data of more than 33,000 active and former customers and thus tap addresses, tax data or securities account information, as reported by the Frankfurter Allgemeine Zeitung.
Judgement already made in December 2021
Thus, Scalable Capital had violated the strict requirements and liability provisions of the General Data Protection Regulation (GDPR). In December 2021, a plaintiff, with the support of the legal services provider EuGD (Europäische Gesellschaft für Datenschutz mbH), obtained immaterial damages of 2,500 euros before the Munich I Regional Court.
In assessing the penalty, the court took into account the fact that the data had not yet been misused. At the same time, however, the court wanted to achieve a “deterrent effect” with the judgment (file number 31 O 16606/20).
According to the court, the security vulnerability was avoidable, which therefore constitutes a violation of the GDPR. In July 2022, Scalable Capital withdrew its appeal against the ruling.
Especially since the Higher Regional Court had already indicated at the hearing “that it will also possibly decide the appeal in favor of the plaintiff,” said Diana Ettig, lawyer for the plaintiff.
The ECJ is confident after the first final judgment in this area and encourages more customers to assert their rights. After all, it pays off: in the event of success, the legal services provider retains 25 percent of the sum recovered.
“EuGD has now obtained a legally binding judgment for damages in a first case due to a data leak. Hopefully, this will encourage other consumers to assert their rights,” explains Thomas Bindl, founder of EuGD in the press release.
On the own homepage one moves besides prominently the example Scalable Capital into the foreground and offers the possibility of letting examine the claim against Scalable Capital free of charge. Most recently, GDPR violations by Hannoversche Volksbank and by Volkswagen also became known. The carmaker even has to pay a fine of 1.1 million euros.