Court case 34 O 13123/19 – Court Ruling (Germany, 2019)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A German court ruled against a request to stop MasterCard from processing personal data after a data leak exposed sensitive information online. The court said the request wasn't clear enough about what actions MasterCard should take. This decision highlights the importance of clearly defining legal requests when dealing with data protection issues.
What happened
MasterCard faced a court case after a data leak exposed sensitive customer information online, but the court rejected the request to stop data processing.
Who was affected
Customers of MasterCard's 'Priceless Specials' loyalty program whose personal data was exposed online.
What the authority found
The court found the request to stop MasterCard's data processing was too vague and not legally justified.
Why this matters
This case shows the need for precise legal requests in data protection cases and highlights that simply asking to stop data processing isn't enough without clear legal grounds. Businesses should ensure their data protection measures are robust to avoid similar legal challenges.
An individual participated in MasterCard's loyalty programme "Priceless Specials". The individual objected to MasterCard's processing of personal data and asked it to refrain from processing without adequate precautions against data misuse. Further, the complainant learned that other participants' sensitive personal data was publicly accessible online. Following the mentioned request, MasterCard informed the data subject that an incident had led to the unauthorised online publication of the personal data of some of its customers. The representative of the data subject filed an injunction asking MasterCard to cease the processing and acknowledge its responsibilities regarding the lack of security. MasterCard did not respond. Thus, the complainant's representative filed a motion before the Regional Court of Munich. The applicant based their claims principally on the GDPR and the German Civil Code (BGB). The Court emphasised the need to implement adequate and appropriate safety measures, but it rejected the application for an injunction as unfounded. It found that the request was not sufficiently precise, since it didn't clearly state what measures the defendant should take. Also, the Court pointed out that the applicant has the possibility to object to the processing of his personal data and to terminate the contract with the data controller. The Court stated that such an injunction would have been well founded only if the change of an existing condition to the processing could thwart or substantially complicate the realisation of a right of the plaintiff. In that context, it stressed that the right to stop unlawful processing of data is not enshrined as such in the German data protection act and that the mere processing of data contrary to the act does not constitute a violation of the law. Finally, it confirmed the data controller's argument that ceasing the processing will not stop the risk of the personal data incident recurring and stated that measure
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Court case 34 O 13123/19 in DE
This is the only recorded case for this entity in this jurisdiction.
About this data
Cite as: Cookie Fines. Court case 34 O 13123/19 - Germany (2019). Retrieved from cookiefines.eu