Court case 10 O 14/21 โ Court Ruling (Germany, 2023)
A German court dismissed a consumer's claim against a company for allegedly using malware and tracking cookies without consent. The court found the claim lacked specifics and was unfounded. This ruling highlights the importance of clear evidence in privacy-related cases.
What happened
A consumer claimed a company used malware and tracked cookies without consent.
Who was affected
The consumer who ordered goods from the company's online shop.
What the authority found
The court ruled that the consumer's claim was not specific enough to warrant action under GDPR.
Why this matters
This case illustrates that consumers must provide clear evidence when making privacy claims. It also reminds businesses to ensure their data practices are transparent and compliant.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
The controller operates several websites. The data subject stated that, as a consumer, he ordered household goods from the controller's online shop in 2020, giving his name and address. According to the data subject, the controller violated data protection law in several ways. He stated that the controller had deliberately integrated malware into its site, which manipulated the data subject's internet browser. Thereby, personal data had been unlawfully processed by the controller itself, as well as being irrevocably forwarded to foreign third party companies in order to track his online behaviour by setting cookies without his consent. Due to the alleged violations, the data subject claimed to be entitled to injunctive relief for infringement of Article 6(1) GDPR. Furthermore, he argued the infringement of Article 26 GDPR (joint responsibility) and Article 44 GDPR (third country transfer). The controller argued that the data subject had not sufficiently substantiated his claim since he had neither specified the processing of his data that allegedly took place nor described it accurately. Moreover, according to the controller, there is no basis for a claim because the GDPR does not provide for injunctive relief under civil law. The Regional Court Wiesbaden found the data subject's action both inadmissible and unfounded. First, the court stated that the data subject's claim was not sufficiently specific as it did not specify what exact behaviour he wanted to prevent with the injunction. Then, the court added that the lack of specification of the exact data processing activity also made the claim unfounded as the data subject had not even given information on what and when he ordered in what specific online shop of the controller. To the court it was clear that the data subject was not concerned with being affected in a specific case where he saw his personal rights violated, but rather a fundamental abstract clarification. There had been no pre-judicial correspon
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Violations (3)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Third-party tracking cookies or scripts are loaded without obtaining prior user consent.
Art. 13, 14 GDPR
The cookie banner uses misleading language to trick or pressure users into accepting cookies (dark patterns).
Art. 7 GDPR
Related Cases (0)
No other cases found for Court case 10 O 14/21 in DE
This is the only recorded case for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
About this data
Cite as: Cookie Fines. Court case 10 O 14/21 - Germany (2023). Retrieved from cookiefines.eu
Last updated: