Court case 10 O 14/21 – Court Ruling (Germany, 2023)
A German court dismissed a consumer's claim against an online shop for alleged data protection violations. This ruling is important because it clarifies the requirements for making claims under data protection laws.
What happened
A consumer claimed that an online shop unlawfully processed their personal data and sought injunctive relief.
Who was affected
The consumer who alleged that their personal data was mishandled by the online shop.
What the authority found
The Regional Court Wiesbaden ruled that the consumer's claim was not specific enough and therefore inadmissible.
Why this matters
This case sets a precedent for how specific claims must be when alleging data protection violations. It reminds consumers and businesses alike to be clear and detailed in their claims.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
The controller operates several websites. The data subject stated that, as a consumer, he ordered household goods from the controller's online shop in 2020, giving his name and address. According to the data subject, the controller violated data protection law in several ways. He stated that the controller had deliberately integrated malware into its site, which manipulated the data subject's internet browser. Thereby, personal data had been unlawfully processed by the controller itself, as well as being irrevocably forwarded to foreign third party companies in order to track his online behaviour by setting cookies without his consent. Due to the alleged violations, the data subject claimed to be entitled to injunctive relief for infringement of Article 6(1) GDPR. Furthermore, he argued the infringement of Article 26 GDPR (joint responsibility) and Article 44 GDPR (third country transfer). The controller argued that the data subject had not sufficiently substantiated his claim since he had neither specified the processing of his data that allegedly took place nor described it accurately. Moreover, according to the controller, there is no basis for a claim because the GDPR does not provide for injunctive relief under civil law. The Regional Court Wiesbaden found the data subject's action both inadmissible and unfounded. First, the court stated that the data subject's claim was not sufficiently specific as it did not specify what exact behaviour he wanted to prevent with the injunction. Then, the court added that the lack of specification of the exact data processing activity also made the claim unfounded as the data subject had not even given information on what and when he ordered in what specific online shop of the controller. To the court it was clear that the data subject was not concerned with being affected in a specific case where he saw his personal rights violated, but rather a fundamental abstract clarification. There had been no pre-judicial correspon
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Violations (3)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Third-party tracking cookies or scripts are loaded without obtaining prior user consent.
Art. 13, 14 GDPR
The cookie banner uses misleading language to trick or pressure users into accepting cookies (dark patterns).
Art. 7 GDPR
Related Cases (0)
No other cases found for Court case 10 O 14/21 in DE
This is the only recorded case for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
About this data
Cite as: Cookie Fines. Court case 10 O 14/21 - Germany (2023). Retrieved from cookiefines.eu
Last updated: