Court case 9 O 173/24 – Court Ruling (Germany, 2024)
A German court addressed a lawsuit from a social media user who claimed her privacy was violated. The user argued that the platform was tracking her activities without consent and transferring her data to the U.S. The court's decision highlights ongoing concerns about data privacy and the need for clear consent mechanisms.
What happened
A user sued a social media platform for tracking her activities and transferring her data to the U.S. without her consent.
Who was affected
The user of the social media platform who felt her privacy was compromised.
What the authority found
The court found that the platform's practices regarding tracking and data transfer lacked proper transparency and consent under GDPR.
Why this matters
This ruling reinforces the need for social media companies to ensure clear consent and transparency in their data practices. Website operators should review their privacy policies to comply with these standards.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The data subject is a user of a social network platform, which also provides a messaging service. This platform is managed by a company with its headquarter in the USA. The data subject initiated a lawsuit before the Regional Court of Traunstein (Landesgericht Traunstein – LG Traunstein). Firstly, she argued that the controller is constantly monitoring her private messages and that the privacy policy is not transparent and is too complex. Secondly, she argued that, through cookies, the controller is collecting data relating to activities that happen outside the social network without her consent. Thirdly, she claimed that the controller forwarded all her personal data from and in connection with her account to the USA. She argued that this transfer is unlawful since the USA did not guarantee a level of protection equivalent to the GDPR. Therefore, the data subject asked the court to order the controller to pay non-material damages. As for the first argument, the controller pointed out that it conducts scans on the private messages only when to detect child sexual abuse material (CSAM) in compliance with the [https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32002L0058 ePrivacy Directive 2002/58/EC] (see [https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32021R1232 Article 3 Regulation (EU) 2021/1232]). Moreover, the controller argued that it is respecting its transparency obligations and that the transfer of data to the US is legal since there is an adequacy decision and, before that, there were SCCs. First of all, the court ruled that the data subject has not demonstrated that the controller is systematically and automatically monitors the content exchanged via the messenger service. In every case, it found that the controller has proven that it carries out only permissible CSAM scanning. According to the court, this processing is covered by the legal basis provided for by Article 6(1)(f) GDPR. Secondly, it held that, due to the extensive dat
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Violations (3)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Third-party tracking cookies or scripts are loaded without obtaining prior user consent.
Art. 13, 14 GDPR
The cookie banner or cookie policy provides vague, incomplete, or unclear information about what cookies are used and why.
Art. 12, 13 GDPR
Related Cases (0)
No other cases found for Court case 9 O 173/24 in DE
This is the only recorded case for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
About this data
Cite as: Cookie Fines. Court case 9 O 173/24 - Germany (2024). Retrieved from cookiefines.eu
Last updated: