Court case 22 C 1423/25 – Court Ruling (Germany, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A court dismissed a claim from a partner at an auditing firm who wanted damages after a telecom company shared his personal data with a credit agency. The court found that the partner had agreed to this data sharing when he signed the contract, so his consent was valid. This case shows that businesses must clearly communicate data sharing practices in contracts.
What happened
The telecom company shared a partner's personal data with a credit agency based on consent given in a contract.
Who was affected
The partner in the auditing firm whose personal data was shared without his explicit agreement after he signed a contract.
What the authority found
The court ruled that the partner had validly consented to the data sharing when he entered into the contract, so there was no basis for his damages claim.
Why this matters
This case illustrates the importance of clear consent in contracts. Companies should ensure that users understand what they are agreeing to when they sign up for services.
Original data from scraper before AI verification against source document.
In 2022, the data subject, a partner in an auditing and consulting firm, entered into a phone contract with a telecommunications company (controller). The data subject received the contractual terms and conditions, as well as the data protection information sheet. The contract included a clause that authorized the transmission of personal data to credit information agencies for the protection of the controller's legitimate interests or those of third parties. The data subject was also informed of their rights under the GDPR, including the right to withdraw consent. Subsequently, the controller transferred data about the conclusion of the telecommunications contract to a credit information agency (CRIF GmbH). The data subject brought a case to the District Court of Nürnberg, requested €1,500 in damages from the controller, and demanded that it stop unlawfully processing the data subject’s data. The controller rejected the claim, arguing that the data processing was necessary and based on contractual agreements.
The court dismissed the data subject’s action for the following reasons:
Regarding damages
The court found no basis for the damages claim under Article 82 GDPR. The data subject admitted that no tangible damage could be concretely identified. Referencing case law by the CJEU, the court held that the mere assertion of fear about potential consequences is insufficient to justify compensation under Article 82 GDPR.
Regarding the lawfulness
According to the court, the data subject had consented to the disclosure of his personal data to the credit information agency when the contract was concluded by agreeing to the provisions in the data protection information sheet. The consent was also necessary for the controller to protect its legitimate interests, and the data subject had been informed of this upon entering into the contract. Consent, in accordance with Article 7 GDPR, was therefore validly given. Furthermore, there was no evidence that the cons
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Violations (1)
No accessible mechanism exists for users to withdraw previously given cookie consent.
Art. 7(3) GDPR
Related Cases (0)
No other cases found for Court case 22 C 1423/25 in DE
This is the only recorded case for this entity in this jurisdiction.
About this data
Cite as: Cookie Fines. Court case 22 C 1423/25 - Germany (2025). Retrieved from cookiefines.eu