Court case 9 O 173/24 – Court Ruling (Germany, 2024)
A German court ruled that a social media platform violated privacy laws by tracking users without proper consent. This ruling is significant because it emphasizes the importance of transparency and consent in data collection. Website operators should ensure they clearly inform users about data practices.
What happened
The court found that the social media platform collected data from users' private messages and tracked their activities outside the platform without consent.
Who was affected
Users of the social media platform whose private messages and browsing activities were monitored.
What the authority found
The court decided that the platform lacked a valid legal basis for processing personal data, violating GDPR requirements for consent and transparency.
Why this matters
This case highlights the need for companies to have clear consent mechanisms in place. It shows that courts are serious about enforcing privacy rights.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The data subject is a user of a social network platform, which also provides a messaging service. This platform is managed by a company with its headquarter in the USA. The data subject initiated a lawsuit before the Regional Court of Traunstein (Landesgericht Traunstein – LG Traunstein). Firstly, she argued that the controller is constantly monitoring her private messages and that the privacy policy is not transparent and is too complex. Secondly, she argued that, through cookies, the controller is collecting data relating to activities that happen outside the social network without her consent. Thirdly, she claimed that the controller forwarded all her personal data from and in connection with her account to the USA. She argued that this transfer is unlawful since the USA did not guarantee a level of protection equivalent to the GDPR. Therefore, the data subject asked the court to order the controller to pay non-material damages. As for the first argument, the controller pointed out that it conducts scans on the private messages only when to detect child sexual abuse material (CSAM) in compliance with the [https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32002L0058 ePrivacy Directive 2002/58/EC] (see [https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32021R1232 Article 3 Regulation (EU) 2021/1232]). Moreover, the controller argued that it is respecting its transparency obligations and that the transfer of data to the US is legal since there is an adequacy decision and, before that, there were SCCs. First of all, the court ruled that the data subject has not demonstrated that the controller is systematically and automatically monitors the content exchanged via the messenger service. In every case, it found that the controller has proven that it carries out only permissible CSAM scanning. According to the court, this processing is covered by the legal basis provided for by Article 6(1)(f) GDPR. Secondly, it held that, due to the extensive dat
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Violations (3)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Third-party tracking cookies or scripts are loaded without obtaining prior user consent.
Art. 13, 14 GDPR
The cookie banner or cookie policy provides vague, incomplete, or unclear information about what cookies are used and why.
Art. 12, 13 GDPR
Related Cases (0)
No other cases found for Court case 9 O 173/24 in DE
This is the only recorded case for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
About this data
Cite as: Cookie Fines. Court case 9 O 173/24 - Germany (2024). Retrieved from cookiefines.eu
Last updated: