Court case 24 O 1624/23 – Court Ruling (Germany, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A court in Germany dismissed a case where a customer claimed their personal data was shared without consent by a telecommunications company. The court ruled that the company had a legitimate interest in preventing fraud, which justified the data sharing. This decision shows that companies may be allowed to share data under certain conditions, even without explicit consent.
What happened
A German court ruled that a telecommunications company could share a customer's personal data without consent to prevent fraud.
Who was affected
The customer whose personal data was shared without their consent was affected.
What the authority found
The court decided that the telecommunications company had a legitimate interest in sharing the data, which met GDPR requirements.
Why this matters
This case illustrates that companies can sometimes share personal data without consent if they can prove a legitimate interest. Website operators should understand the balance between user consent and legitimate business needs.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The data subject signed a contract with the controller for telecommunications services. On 26 June 2023, the data subject received information about a data transmission. The data subject objected to the disclosure by the controller of his personal data included in a contract to a legal entity other than the parties to the contract. The controller registered contract data to a legal entity other than the parties to the contract, supporting a joint fraud control system for the credit industry. The controller shared the personal data (name, address, date of birth, dates of the start and end of a telecommunications contract, contract number and reporting feature) without explicit consent of the data subject. The data subject initiated legal proceedings and was seeking damages, in the form of non-material compensation, for a data transmission without consent. The Regional Court Memmingen dismissed the case on the grounds that the data subject had failed to prove the existence of any present or future damage that was reasonably likely to occur. The prevention of fraud may constitute a legitimate interest of the controller within the meaning of Article 6(1)(f) GDPR.
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Violations (1)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Related Cases (0)
No other cases found for Court case 24 O 1624/23 in DE
This is the only recorded case for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
About this data
Cite as: Cookie Fines. Court case 24 O 1624/23 - Germany (2024). Retrieved from cookiefines.eu
Last updated: