Meta Platforms Ireland Limited – Court Ruling (Germany, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A court ruled that Meta Platforms Ireland Limited could continue using its 'Find Friends' feature, which allows users to upload others' contact information. This matters because it shows that companies can process some data without explicit consent if they follow certain rules. Website operators should understand the importance of clear privacy policies and user consent.
What happened
The court decided that Meta's 'Find Friends' feature did not violate GDPR despite concerns about data processing without consent.
Who was affected
Users of Facebook and individuals whose information was uploaded by these users were affected.
What the authority found
The court held that Meta had a legal basis for processing the data, as users could delete the information at any time.
Why this matters
This decision sets a precedent for how companies can manage user data and highlights the need for transparency in data processing practices. It encourages businesses to clearly communicate their data handling policies.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
Meta Platforms Ireland Ltd (the controller) is a company that operates the social media platform Facebook. An umbrella consumer organisation brought a complaint regarding Facebook’s “Find Friends” feature. This feature allows registered data subjects to upload third persons’ contact information, as well as pictures, nicknames, relationship status or professional details. This also applies to third persons who are not Facebook users. At the time, the controller stored all this data, including log data related to calls and text messages (metadata). Data subjects who uploaded this data were able to delete it from their account at any moment. According to the controller’s privacy policy, the aim of this processing was to help connect people or generate friend suggestions for data subjects. The controller retained data of non-registered data subjects in the event that they created an account in the future. The consumer organisation brought a case against the controller in June 2018, demanding that the court issue a cease-and-desist subject to a penalty. According to the organisation, the “Friends Finder” feature violated Article 6(1)(a) GDPR, 25(2) GDPR and 5(1)(c) GDPR, because the controller processed data subjects’ data without consent. The organisation also argued that the controller created comprehensive user profiles for personalised advertising purposes without a legal basis, in violation of Article 6(1) GDPR. In addition, the controller lacked explicit consent to process sensitive personal data that users entered in their accounts, in violation of Article 9(2)(a) GDPR. Finally, the organisation argued that the controller did not meet its information obligations by providing legal bases without linking them to specific data processing activities and purposes. This was a violation of Article 13(2)(f) GDPR. The controller argued that the organisation did not have standing, and contested the competence of the court. The controller also argued that its processing ac
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (2)
Other cases involving Meta Platforms Ireland Limited in DE
Court Ruling
Details
About this data
Cite as: Cookie Fines. Meta Platforms Ireland Limited - Germany (2025). Retrieved from cookiefines.eu
Last updated: