Vodafone – Court Ruling (Germany, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A German court ruled that Vodafone did not violate data protection rules when it processed a customer's personal data after they signed a contract. The customer claimed they didn't read the consent information, but the court decided that their signature was valid. This case highlights the importance of understanding what you're agreeing to when signing contracts.
What happened
Vodafone processed a customer's personal data after they signed a contract that included consent for data sharing.
Who was affected
The customer who signed the contract with Vodafone and had their data shared with Schufa.
What the authority found
The court determined that Vodafone had valid consent to process the customer's data, and the customer's claim was dismissed due to the statute of limitations.
Why this matters
This ruling emphasizes that signing a contract can be seen as valid consent for data processing. Small businesses should ensure their consent forms are clear and that users understand what they are agreeing to.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
The controller is a telecommunications company. In 2018, the data subject and the controller entered into a phone contract. The form for the contract included a paragraph which stated that the data subject consents to data exchange between Vodafone and Schufa and other credit rating agencies according to the respective terms and conditions. He also signed these terms and conditions including the controller's data protection information. The data subject claimed that he had not read this information sheet. However, he argued that without signing these documents he was not able to conclude the contract. Subsequently, the controller transferred data about the conclusion of the telecommunications contract to Schufa. In a [https://www.schufa.de/newsroom/schufa/daten-loeschung-telekommunikationskonten/ press release made public on 19 October 2023], Schufa informed the public that it was going to delete information transferred by telecommunication companies by the 20 October 2023. Schufa noted that the Conference of the German Data Protection Agencies (Datenschutzkonferenz der Länder) [https://www.datenschutzkonferenz-online.de/media/dskb/20210929_top_07_beschluss_positivdaten.pdf was of the opinion] that transferal and processing of personal data stemming from the field of telecommunication required a consent of the data subject. The data subject then requested access to their personal data from Schufa and was granted access. With his lawsuit, the data subject claimed, inter alia, €4,000 in non-material damages. The court dismissed the data subject’s action. It held that there was no GDPR infringement and also the claim fell under the statute of limitations. By signing the contract form the data subject had validly consented to the processing of personal data. The fact that it was not possible to form the contract without consenting was not relevant for the court. The statute of limitations applied because the data subject was informed about the transfer of data to Schu
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Violations (1)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Related Cases (0)
No other cases found for Vodafone in DE
This is the only recorded case for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
About this data
Cite as: Cookie Fines. Vodafone - Germany (2024). Retrieved from cookiefines.eu
Last updated: