Lisa Ballmann – CJEU Judgment (European Union, 2025)
CJEU judgment — not a DPA enforcement action
This is a Court of Justice ruling, not an enforcement action by a data protection authority. It is not included in cookie statistics or the Risk Calculator.
The Court of Justice ruled on a case involving a Facebook user who complained about how Meta collected her data. The court decided that the user did not have full access to the case file related to her complaint. This ruling emphasizes the ongoing challenges users face in accessing information about their data rights.
What happened
The court ruled that the complainant could not access all documents related to her complaint against Meta.
Who was affected
A Facebook user who filed a complaint about Meta's data collection practices.
What the authority found
The court held that the user did not have the right to access the entire case file under EU law, limiting her ability to see how her complaint was handled.
Why this matters
This ruling highlights the difficulties users may encounter when trying to access information about their data rights. It serves as a reminder for users to understand the limitations of their rights in data protection cases.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The ruling relates to the procedural aspects of a cross-border case involving Meta Platforms Ltd. The full summary for the case is available here. = In May 2018 a Facebook user (the complainant) lodged a complaint against Meta Platforms Ireland Ltd with the Austrian DPA. In her complaint, she claimed that the collection of personal data via Facebook violated several rules of the GDPR, including Articles 6 and 9. Short after the complaint was filed, the Austrian DPA held that the case was cross-border in nature and forwarded the complaint to the Irish DPA as the lead supervisory authority. In 2021 the Irish DPA submitted a draft decision to all EEA supervisory authorities. Some of them raised “reasoned and relevant objections” to the draft within the meaning of Article 4(24) GDPR. The DPC decided not to follow some of those objections and, therefore, referred the matter to the EDPB under the GDPR’s consistency mechanism. The EDPB decided the matter in December 2022 with its Binding Decision 3/2022. Following the Binding Decision, the Irish DPA decided the complaint and fined Meta €210,000,000 over the unlawful processing of personal data for targeted advertising on Facebook. = After the dispute resolution procedure of the EDPB the complainant requested access to the case file relating to her complaint. She invoked several provisions of EU primary and secondary law, including Article 41(2)(b) of the EU Charter of Fundamental Rights (“Right to good administration”). The EDPB replied with an email to the complainant (from now on: “the Contested Decision”), granting the complainant access to some of the documents relative to the procedure based on [https://eur-lex.europa.eu/eli/reg/2001/1049/oj EU Regulation 1049/2001]. However, the EDPB held that the complainant had no right of access under Article 41(2)(b) CFREU. As a result, the EDPB only granted the complainant access to parts of the file. The complainant considered that the EDPB violated her rights and filed an
Outcome
CJEU Judgment
A judgment by the Court of Justice of the European Union, typically on a preliminary reference from a national court.
Related Cases (0)
No other cases found for Lisa Ballmann in EU
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Lisa Ballmann - European Union (2025). Retrieved from cookiefines.eu
Last updated: