Facebook – Court Ruling (Germany, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A German court ruled that Facebook must delete certain records related to a user's post about Covid-19 vaccines. This matters because it emphasizes the importance of data deletion rights for users. Companies need to be aware of how long they can keep user data.
What happened
Facebook was ordered to delete records of a user's post and related blocking entries that were older than one year.
Who was affected
The ruling affected a Facebook user who had their post removed and sought to have the deletion records erased.
What the authority found
The court decided that Facebook had to delete the records because the violations expired after one year, as stated in its terms and conditions.
Why this matters
This case highlights that companies must adhere to their own data retention policies. It sets a precedent for users to challenge companies on data deletion practices.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
The controller operates the social network Facebook. The data subject is a Facebook user. On the 16 September 2021, the data subject re-posted another user’s post on the alleged ineffectiveness and dangers of Covid-19 vaccinations, claiming the “studies published by the CDC, the British government and Oxford University have shown that Covid-19 vaccines are ineffective”. On the same day, the controller removed this post and informed the data subject about this deletion who then appealed the decision without giving further reasons. The controller, however, did not change its decision. The controller’s terms and conditions stipulated that all violations against the community standards expire after one year. With his lawsuit, the data subject demanded, inter alia, * the rectification of his data saved with the controller insofar as all deletion and blocking entries from the controller’s system should be deleted and the counter that counts them should be reset; * decide, by way of a declaratory judgement, that the controller was not allowed to remove the post and confer on the data subject any kind of blocking; * the unblocking of said Facebook post; * €50 in damages. The Regional Court (Landgericht Frankfurt – LG Frankfurt) dismissed the lawsuit completely. The data subject then appealed the decision to the Higher Regional Court Frankfurt (Oberlandesgericht Frankfurt – OLG Frankfurt). The OLG Frankfurt held that the controller had to delete all deletion and blocking entries older than 1 January 2021 and the entry referring to the 16 September 2021 and to reduce the respective counter accordingly. Furthermore, the OLG partially granted the data subject pre-court lawyer costs; the rest of the appeal was dismissed. = The legal basis for the deletion claim follows from Article 17(1)(a) GDPR. The controller was not able to demonstrate the necessity of the further processing of these data since the violations expired after one year according to the terms and conditions of
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (7)
Other cases involving Facebook in DE
Court Ruling
Details
About this data
Cite as: Cookie Fines. Facebook - Germany (2024). Retrieved from cookiefines.eu
Last updated: