Facebook: Federal Court wants to quickly make a groundbreaking ruling on data scandal

The Federal Court of Justice (Bundesgerichtshof, BGH) has announced that it plans to issue a landmark ruling in the legal disputes over damages claims following a major data breach at Facebook discovered in 2021. ​​The VI Civil Senate, which is responsible for claims arising from the General Data Protection Regulation (GDPR), is thus using a completely new legal option. According to clauses inserted into the German Code of Civil Procedure (ZPO) on October 24, the Federal Court of Justice can upgrade an appeal case pending before it to a leading decision case if the appeal raises legal issues whose decision is important for numerous proceedings.

Anzeige

Tens of thousands of Facebook users around the world have sued its parent company Meta for collecting personal data. The controversial technology is used to automatically read publicly accessible data en masse from websites or open interfaces (APIs) and process it on a large scale. As soon as it concerns personal data, this is prohibited under the GDPR without the express consent of the data subject. The cases at the Federal Court of Justice concern the fact that a total of approximately 533 million data records containing personal information of Facebook users from 106 countries appeared online in 2021.

Unknown third parties had previously taken advantage of the fact that Facebook made it possible to locate a profile based on the user’s telephone number, depending on the search settings of the user in question. Using automated tools, they uploaded telephone numbers on a large scale through the network operator’s contact import function, merged them with the publicly accessible information associated with a user account, and then accessed this data. Ireland’s data protection authority DPC has fined Meta 2022 €265 million as a result of the incident.

Anxiety, stress, loss of comfort and time

In Germany, plaintiffs alleged in several state courts that Meta had not taken sufficient security measures to prevent the contact instruments from being misused. They are entitled to compensation for non-material damage as a result of the inconvenience they have suffered and the loss of control over their own data. They suffered from anxiety, stress, loss of comfort and loss of time.

Meta is also obliged to compensate all future material and immaterial damage and to issue a declaration of costs. Defendant rejected the alleged claims because there was no infringement of the GDPR. Plaintiffs have also suffered no demonstrable causal damage.

Often settlements instead of verdicts

Higher regional courts assessed the damages claims differently, and several appeals ended up in the Federal Court of Justice (file ref.: VI ZR 22/24, VI ​​​​ZR 7/24 as well as VI ZR 10/24 and VI ZR 186/24). Meta then tried to prevent Supreme Court rulings: the American group offered the plaintiffs out-of-court settlements, which they accepted. Until now, the BGH’s hands were tied.

However, thanks to the new ZPO provisions, the judges in Karlsruhe can now decide on legal issues even if an appeal has already been excluded for procedural reasons. This is intended to allow rapid clarification by the highest court despite the withdrawal of appeals for tactical reasons or due to settlement. A corresponding landmark ruling should then have a signaling effect, especially for other potential lawsuits.

The Cambridge Analytica scandal sends my regards

With the corresponding improved appeal procedure VI ZR 10/24For example, the VI Civil Senate now wants to clarify whether the default setting to “all” that Meta makes when implementing the contact import function violates the GDPR. It will also be examined whether the mere loss of control over the data that has been deleted and is now linked to the mobile telephone number of the data subject concerned is suitable to justify non-material damage within the meaning of the Regulation, and what form compensation could take . The Federal Court of Justice has planned this an oral hearing before November 11, 2024.

The harrowing disputes surrounding Facebook date back to the Cambridge Analytica scandal that broke out in 2018. In 2019, 419 million relevant data records also appeared on the internet. Meta sued companies such as Voyager Labs and Bright Data, which specializes in scraping, in California in early 2023. The parent company of Facebook and Instagram accuses them of creating tens of thousands of fake profiles on Facebook alone and collecting publicly visible data about users of the social network on a large scale, thereby spying on those involved and the service. Bright Data responded with a counterclaim, because public data on the platforms is not owned by Meta. In addition, the company itself used the services of Bright Data.

(no)