Court case 5 U 129/24 – Court Ruling (Germany, 2025)

The data subject was a user of a platform provided by the controller. An unknown third-party used the possibility of finding user accounts through the users’ phone numbers for scraping the platform by randomly generating phone numbers and searching for users, on the basis of a default setting set by the controller. The data subject was affected by this data "scraping incident", that resulted in loss of control of their data. The data subject filed a lawsuit with the first instance court. At first instance, the court ordered the controller to pay the data subject €500 for non-material damages and granted the requests for declaratory and injunctive relief. Both parties appealed the decision of the court of first instance before the Higher Regional Court of Celle (Oberlandesgericht Celle – OLG Celle). The court amended the decision of the court of first instance. It ordered the controller to pay the data subject the amount of €100 pursuant to Article 82(1) GDPR and established that the controller is obliged to compensate the data subject for all material future damages. However, it confirmed the court of first instance's order to cease and desist from any further infringements of this provision under penalty of a fine, to refrain from disclosing personal data of the data subject’s side to third parties, in particular the telephone number or other non-public data points, on the basis of a default setting set by the controller and to refrain from processing the data subject's telephone number on the basis of consent, which was obtained due to the confusing and incomplete information provided by the controller. First, the court held that the controller violated the principle of data minimisation pursuant to Article 5(1)(b), Article 5(1)(c) and Article 25(2)(b) GDPR. Following the lead decision of the German Federal Court of Justice (Bundesgerichtshof - BGH) - VI ZR 10/24 from 18 November 2024, the court held that the mere loss of control over one's personal data as a