CKT

2 George’s Quay, Cork T12 TR2A

Ormond Building, 31-36 Ormond Quay, Upper Dublin 7 D07 E303

Court dismisses claim pursuant to S.117 of GDPR

  • December 11, 2025
  • Posted by: Colm Hurley
  • Category: News
No Comments
Person using laptop with a large chain across

Introduction

A recent decision of the Circuit Court[1] has re-applied principles from Kaminski v Ballymaguire Foods Ltd [2023] IECC 5.  In dismissing the claim, the Court emphasised that:

  • Mere GDPR breach does not automatically warrant compensation.
  • Non-material damage must be genuine, proven, and beyond ‘mere upset.
  • Appropriate apologies and remedial steps may mitigate damages.

In this article, Alison Kelleher, Partner in CKT’s Healthcare and Litigation departments and key contact in the Data Protection/GDPR and Freedom of Information Service, reviews the recent decision.

Background

The plaintiff, Mark Walsh, a prison officer, alleged a breach of GDPR in November 2018 when an interview scoring sheet and related documents were mistakenly emailed to another prison officer with the same name at a different prison. The plaintiff sought a declaration of unlawful processing and damages under Section 117 of the Data Protection Act 2018 and Article 82 of GDPR.

The plaintiff was advised of the breach by the recipient in December 2018 and raised the issue internally.  The Irish Prison Service acknowledged the error and issued an apology in January 2019.

Breach of duty was admitted but the claim was defended on the basis that the damage to the Plaintiff was no more than mere upset.

The Court’s Decision

The court found the plaintiff experienced annoyance and embarrassment but did not meet the threshold for compensable non-material damage. In making that finding it was noted that no medical evidence was offered, that the Plaintiff did not miss work and did not identify the particular person who allegedly taunted or bullied him.

In particular, the apology was described by the trial Judge as “fulsome” and the corrective measures were deemed adequate.

In dismissing the Plaintiff’s claim, the court applied principles from Kaminski v Ballymaguire Foods Ltd [2023] IECC 5, emphasising that:

  • mere GDPR breach does not automatically warrant compensation.
  • non-material damage must be genuine, proven, and beyond ‘mere upset’.
  • apologies and remedial steps may mitigate damages.

The Court exercised its discretion in making no order as to costs.

Conclusion

This judgment offers reassurance to data controllers by reaffirming the principles established in Kaminski v Ballymaguire Foods Ltd. It underscores that GDPR claims for non-material damage must be supported by clear, demonstrable evidence of harm beyond mere inconvenience or embarrassment. Notably, the court highlighted the value of prompt apologies and effective remedial measures in mitigating potential liability.

For more information on the decision, or more general queries regarding GDPR, contact our data protection team.

[1] Mark Walsh v Irish Prison Service [2025] IECC 8