Dutch TikTok data protection class action claims falter

In a recent ruling, the Court of Amsterdam said that where individual claims amount merely to claims for compensation for ‘immaterial damage’ and are disparate in nature, then those claims cannot be bundled together for the purposes of taking forward a mass claim in the Netherlands.

The ruling was made in a case involving Chinese social media company TikTok, which is facing claims that it is responsible for privacy violations impacting more than 1.5 million child users of the app in the Netherlands.

Three organisations have been seeking the Amsterdam court’s permission to act as the exclusive representative of the users and bundle their claims together in a collective action against TikTok. However, while the court has said that the claims for compensation for material damage are provisionally admissible, meaning they can be considered more substantively in later court proceedings, other claims for compensation for ‘immaterial damages’ cannot be taken forward under the Dutch collective redress regime.

The Amsterdam court said: “Any claim for immaterial damages by each user depends so much on the individual situation of that user that these claims are not sufficiently similar to be eligible for consolidation.”

The court added that it cannot be assumed that the user had suffered “injury” on the basis of the “nature and seriousness of the privacy violations” alleged.

Article 80 of the GDPR provides data subjects with the right to mandate a not-for-profit body, organisation or association to lodge data protection complaints and pursue judicial remedies against organisations or data protection authorities on their behalf. Data subjects can further mandate those not-for-profits to receive compensation they are entitled to under Article 82 of the GDPR on their behalf too, where they have suffered material or non-material damage as a consequence of an organisation’s breach of the GDPR.

Article 80 further provides EU member states with scope to enable those not-for-profits to lodge complaints or pursue judicial remedies of their own volition if they consider data subjects’ rights under the GDPR have been infringed.

In the Netherlands, the Act on Redress of Mass Damages in Collective Action (WAMCA) provides interest groups, associations or foundations with rights to claim damages on behalf of groups of people.

The extent to which data protection claims for ‘non-material’ damage can be raised in the context of mass claims has been heavily debated and litigated in recent years.

On 4 May 2023, the Court of Justice of the EU (CJEU) ruled that the mere infringement of the GDPR is not sufficient to confer a right to compensation but that EU member states are precluded from imposing rules or practices that require claims for compensation based on non-material damage to reach “a certain degree of seriousness”.

While some EU countries already have relatively mature legal frameworks facilitating mass claims, many others do not. The position has, however, changed with the introduction of the EU Directive on Representative Actions for the Protection of the Collective Interests of Consumers (the Representative Actions Directive, or RAD). RAD requires EU member states to have in place at least one procedural mechanism which meets minimum standards set out in the directive, for consumers to seek collective redress when they claim to have been harmed by a business through breaches of certain European consumer laws – including in the field of data protection.