Court case 4 O 13063/22 – Court Ruling (Germany, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A German court ruled that a company using Google Fonts on its website did not have to pay damages for transferring user data to the US. The court found that since the data was collected by automated systems and not by actual visitors, there was no real harm. This decision highlights the importance of understanding how data collection methods can impact legal outcomes.
What happened
A court ruled that the use of Google Fonts on a website did not warrant damages for data transfers to the US.
Who was affected
Individuals whose data was collected by automated systems rather than by visiting the website directly.
What the authority found
The court decided that automated data collection did not cause real harm to individuals, so no damages were owed.
Why this matters
This case shows that courts may consider the method of data collection when deciding on privacy violations. Website operators should assess how their data collection practices might be viewed legally.
GDPR Articles Cited
The controller embedded Google Fonts on its website. When a user visited the website, their personal data were transferred to Google Inc. in the US. Considering that the controller violated Chapter V of the GDPR, a data protection association deployed an automated system – a so-called “web crawler” – to detect data transfers through Google Fonts tools. Then, the association representing the data subjects contacted the controller and asked for non-material damages under Article 82 GDPR. Meanwhile, the controller had updated its website and removed the Google Fonts. The controller argued that the claim for damages was part of a broader initiative affecting hundreds of thousands of controllers in Germany. The controller stressed that the individual data subjects represented by the data protection association never manually and directly visited its website. Thus, the controller brought action against the association and asked the Regional Court of Munich (LG Münich) to declare the association’s claims unlawful. The German Court upheld the controller’s arguments. The court did not consider whether the controller violated the GDPR by undertaking data transfers to the US, nor whether the data subjects implicitly consented to such transfers by accepting to visit the websites. Instead, the court focused on the fact that a person that did not directly and manually visited a website could not feel any annoyance or uncertainty with regard to the transfer of their personal data to a third country. From this perspective, the use of web crawlers played a major role in ruling out an actual infringement of data subjects’ rights. The court also stated that, even imaging that the use of web crawlers was compatible with a violation of the data subject’s informational self-determination, the data subject provoked the situation against which they complained. In light of the above, the Court adopted a decision declaring the lack of legal basis for any claim for damages under Article 8
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Court case 4 O 13063/22 in DE
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Court case 4 O 13063/22 - Germany (2023). Retrieved from cookiefines.eu
Last updated: