Court case 23 O 10931/20 – Court Ruling (Germany, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A court in Munich dismissed a claim for damages over an alleged data breach on a social network. The user claimed they lost control of their data, but the court found no evidence of a breach. This case shows the importance of proving actual harm when seeking damages for data protection issues.
What happened
The Munich court dismissed a user's claim for damages over an alleged data breach on a social network.
Who was affected
A user of a social network who claimed their data was mishandled and sought damages.
What the authority found
The court found no evidence of a data breach or mishandling of the user's information and rejected the claim for damages.
Why this matters
This ruling emphasizes that claims for data protection violations must be backed by clear evidence of harm. It serves as a reminder for users and businesses about the importance of maintaining and proving data security.
GDPR Articles Cited
The controller operates a social network and an online platform. The data subject created a customer account there using his law firm e-mail address. In July 2020, the data subject demanded damages from the controller because of an alleged data protection incident from January 2019 on the website to his e-mail address. The controller replied, telling the data subject that it did not own the website. Therefore, it informed the data subject how and via which URL he could view and download a complete copy of the data stored about him within his user account. The data subject claimed that the URL links sent by the controller were useless because they showed “page not found” when called. The data subject sought damages for an alleged data breach. He claimed that the defendant did not answer his request for information. The data subject had initially claimed that his data was stolen from his account as part of a hack in February 2019. In 2021, the data subject submitted that a data protection incident regarding his e-mail address was no longer at stake, but rather his account on the platform. He alleged that he lost control of his data as a result of the breach of his right to information and the data leak made possible by system errors. According to him, this amounted to an immaterial damage to be valued at least € 4,500 due to the seriousness of the data protection violation. Before the court, the data subject requested to order the controller to pay him € 6,650 plus interest. The controller submitted that it fulfilled its information obligations under the GDPR. It argued that its information system was customary in the market. Furthermore, the data subject no longer responded to the notification of the links. In addition, the controller denied a data protection incident concerning the plaintiff's e-mail address. The Regional Court of Munich rejected the data subject's claim. It held that the mere allegation that damage has occurred due to the loss of control over dat
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Court case 23 O 10931/20 in DE
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Court case 23 O 10931/20 - Germany (2021). Retrieved from cookiefines.eu
Last updated: