Facebook – Court Ruling (Germany, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A German court ruled that Facebook did not violate data protection laws in a case involving a user who was worried about their phone number being scraped. The user claimed they lost control over their data, but the court found the claims were too vague. This ruling shows that users need to be careful about their privacy settings on social media.
What happened
A user sued Facebook over concerns that their phone number was scraped from the platform.
Who was affected
The user who registered their profile with a phone number and was concerned about data scraping.
What the authority found
The court held that the user's claims did not meet the requirements for a damages claim under GDPR, as the alleged data scraping was not considered hacking.
Why this matters
This ruling emphasizes the need for users to actively manage their privacy settings on social media platforms. It also indicates that vague claims about data misuse may not hold up in court.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
The plaintiff was a user of the defendant's social media plattform. He registered his profile with his phone number and didn't change the preset visibility option to "not visible". This option is set to "visible" in order to get found by phone number, the users get informed about this during registration. Business Insider on 4/3/2021 published an article reporting about scraping of phone numbers from the defendant's platform by unknown third parties. On July 2, 2021, The plaintiff sent a letter to the defendant demanding payment of damages and a cease and desist order, the defendant responded to the plaintiff's letter on September 30, 2021. On November 25, 2022, The Irish Data Protection Commission fined the defendant for violating the GDPR with €265 million for violating the GDPR and ordered the defendant to take remedial action. The plaintiff has not yet been the victim of identity theft; her account at the defendant's platform has also not been taken over by unknown third parties. The plaintiff has since changed the settings in her account so that her telephone number can no longer be accessed via the contact import tool. The plaintiff argues that she has been victim of a data breach, received (but did not answer) several calls from outside the country, that she lost control over her data and was in big worries about misuse of her data. She mentioned that she's getting a lot of strange short messages with apparent fraud attempts. This was due to missing security controls on the defendant's platform. The defendant argues, that the claim was to dismiss as the claims were too vague and the claim for a declaratory judgment lacked interest. The requirements for a claim for damages under Article 82 GDPR were not met since scraping was not hacking. In addition the defendant argued the loss of control alleged by the plaintiff was not sufficient. The claim is inconcise: text messages and calls from the beginning to mid-2019 described by the plaintiff are not necessarily
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (7)
Other cases involving Facebook in DE
Court Ruling
Details
About this data
Cite as: Cookie Fines. Facebook - Germany (2023). Retrieved from cookiefines.eu
Last updated: