Meta Platforms Inc. – Court Ruling (Germany, 2025)

The Federal Press Office operated a fan page on the social network Facebook, provided by Meta Platforms Inc., where it provided information about current political activities of the Federal Government. When users visited the page, cookies could be placed on their end devices. In 2023, the Federal DPA (BfDI) prohibited the Federal Press Office from operating its fan page because the design of the cookie banner used by Meta was not GDPR compliant. It held that the Federal Press Office was regarded a joint controller, together with Meta, responsible for ensuring that the data processing regarding cookies was based on a sufficient legal basis such as consent. Therefore, not only Meta, but also the Federal Press Office, as the operator of the fan page, was legally obliged to obtain the consent of the respective visitor. Both the Federal Government and Meta appealed against the DPA's decision addressed to the Federal Press Office before the court of first instance (Cologne Administrative Court-VG Cologne). The court held that under the GDPR, Meta and the Federal Press Office were not joint controllers for the contested data processing. Meta was solely responsible for obtaining the consent of visitors of the fan page for the placement of cookies. It ruled that the Federal Press Office's contribution to the storage and reading of cookies was limited to the operation of the page. In particular, the Federal Press Office could not specify any parameters for the placement of the cookies and the analysis of the data collected. In the opinion of the court, the mere facilitation of data processing does not constitute the necessary joint determination of the means of data processing. Consequently, the Press and Information Office of the Federal Government was permitted to continue operating its Facebook fan page.