Court case 19 O 147/22 – Court Ruling (Germany, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A German court ruled that Facebook did not violate privacy rules when a user's phone number, which they chose to make public, was scraped and used for spam. The court found that Facebook provided options to hide the number, so it wasn't responsible for the misuse. This case highlights the importance of understanding privacy settings on social media platforms.
What happened
A user's phone number was scraped from Facebook and used for spam, but the court found Facebook not responsible.
Who was affected
Facebook users who make their phone numbers publicly visible on their profiles.
What the authority found
The court decided Facebook did not breach its duty to protect personal data because users had the option to hide their phone numbers.
Why this matters
This ruling emphasizes the responsibility of users to manage their privacy settings on social media. It suggests that companies may not be held liable if users choose to make their information public.
GDPR Articles Cited
National Law Articles
The data subject was a computer scientist and Facebook user. While using Facebook's social media services, the data subject provided several mandatory items of personal data, including his first name, last name and sex. These data points, together with the system-generated "Facebook ID", were publicly visible by default on the user profile. In addition, the data subject added his mobile phone number. The mobile phone number was also visible by default, but the user could change the visibility in the settings. The data subject limited the visibility to the "target group search" setting, but left the searchability option for his mobile phone number visible. In 2021, unknown "third parties" published data that had been scraped from the website in 2019. The data subject complained that since then he had received anonymous calls and spam emails, which had negative psychological consequences for him. He therefore asked for €500 in non-material damages under Article 82 GDPR.
The controller replied that data scraping, which is not hacking, does not entail a violation of the GDPR by the controller, as no mandatory security measures were circumvented and the plaintiff made an informed decision to voluntarily share his phone number on the site.
The court rejected the request for damages under Article 82 GDPR. The court held that there was no breach of duty by the controller that could trigger damages. The publication of the mobile phone number wasn't mandatory, and the data subject had the (unused) option to hide the phone number on his profile. The court was of the opinion that the controller did not breach its duty to adequately protect the personal data of users in accordance with Article 32 GDPR. The controller was not obliged to take protective measures to prevent the collection of already publicly accessible information. The controller also did not violate the principle of "privacy by default" enshrined in Articles 24 and 25(2) GDPR. It was undisputed that only th
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
About this data
Cite as: Cookie Fines. Court case 19 O 147/22 - Germany (2023). Retrieved from cookiefines.eu