Verbraucherzentrale NRW e.V., Beratungsstelle Köln – Court Ruling (Germany, 2023)
A German consumer group challenged Telekom Deutschland for sharing customer data with credit agencies without proper consent. The court ruled that the company used misleading cookie banners and violated GDPR. This case is important for businesses to understand that clear consent is necessary for data sharing.
What happened
The District Court of Cologne ruled against Telekom Deutschland for improperly sharing customer data and using misleading cookie banners.
Who was affected
Customers of Telekom Deutschland whose personal data was shared with credit agencies.
What the authority found
The court found that the company did not obtain valid consent for data sharing and misled users with its cookie banners.
Why this matters
This ruling emphasizes the need for transparency and proper consent mechanisms, urging companies to review their data practices.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The North Rhine-Westphalia Consumer Center brought an action against Telekom Deutschland GmbH, a German telecommunication company. The legal dispute before the District Court of Cologne concerned several points. First, the Consumer Center questioned the lawfulness of the controller's disclosure of personal financial data to credit ranking agencies, in particular SCHUFA Holding AG and CRIF Bürgel, in the context of the performance of mobile communication contracts. The controller provided these companies with personal data of its costumers in order to check their creditworthiness and prevent fraudolent behaviours. Second, the Comsumer Center doubted that the controller's privacy policy was GDPR compliant. Furthermore, in the opinion of the Consumer Center, the controller did not validly collect consent for the use of cookies on its website but rather relied on dark patterns in the cookie banners, that inevitably misled users. Finally, the transfers of customers' personal data to third countries - including the US - for analysis and marketing purposes violated GDPR. The Consumer Center claimed that when customers visited the controller's website, personal data like IP address and information about browser and device used by the visitor were transmitted to Google LLC. Therefore, the Consumer Center requested the court to order the controller: a) to refrain from transferring personal data to credit agencies, in particular SCHUFA Holding AG and CRIF Bürgel, when carrying out and/or executing mobile communication contracts. b) To refrain from using the privacy policy with regard to existing mobile communication contracts with consumers and from relying on such clauses for any future contracts. c) To bring the cookie banner design in compliance with the GDPR, especially by embedding an easy option not only to consent to cookies, but also to refuse them. d) To refrain from transferring personal data of consumers to third countries for advertising and marketing analy
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Violations (2)
Third-party tracking cookies or scripts are loaded without obtaining prior user consent.
Art. 13, 14 GDPR
The cookie banner uses misleading language to trick or pressure users into accepting cookies (dark patterns).
Art. 7 GDPR
Related Cases (0)
No other cases found for Verbraucherzentrale NRW e.V., Beratungsstelle Köln in DE
This is the only recorded case for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
About this data
Cite as: Cookie Fines. Verbraucherzentrale NRW e.V., Beratungsstelle Köln - Germany (2023). Retrieved from cookiefines.eu
Last updated: