Court case 16 U 45/23 – Court Ruling (Germany, 2024)

The data subject has used an account in a social network operated by the controller. Upon registration, the data subject voluntarily entered his mobile phone number. As a default setting, a user profile could be found through the search function by entering the user's phone number, even if the number was not made visible for the person searching for the number. Furthermore, the social network included a contact import function that allowed users to import contacts from their smartphone and thus find other users among his phone contacts. To avoid being searchable for other users through one’s phone number, the user had to open and change the settings of the social network. The described functions made it possible to search for automatically generated phone numbers on the platform. If a generated number matched a user’s profile, the profile was shown. Thus, the scrapers knew that the number was really existing and in use and could link this number to the other data the data subject made public on the platform. Starting from January 2018, unknown persons obtained large amounts of account data and matching phone numbers, including the account data of the data subject. In 2021, these data could be found on the internet. The controller confirmed to the data subject in September 2021 that according to their information personal data of the data subject (the user ID, first and last name, and gender) were scraped from the platform. With his lawsuit, the data subject claimed, inter alia, non-material damages from the controller. The court held that, in the case at hand, despite an infringement of the GDPR there was no damage. The possibility of scraping user data from the platform amounted to processing of personal data under Article 4(2) GDPR. The court held, that the availability of the phone numbers for scraping does not fall under Article 6(1)(b) GDPR since this data processing is not strictly necessary for the performance of the contract between the parties. The data p