Facebook: Federal Court wants to quickly issue landmark ruling on data scandal

Contents

The Federal Court of Justice (Bundesgerichtshof, BGH) has announced that it intends to issue a landmark ruling in the form of a leading decision in the legal disputes over claims for damages following a massive data leak at Facebook discovered in 2021. The VI Civil Senate, which is responsible for claims arising from the General Data Protection Regulation (GDPR), is thus making use of an entirely new legal option. According to clauses introduced into the German Code of Civil Procedure (ZPO) on October 24, the Federal Court of Justice can upgrade an appeal case pending before it to a leading decision case if the appeal raises legal issues whose decision is important for numerous proceedings.

Tens of thousands of Facebook users around the world have sued the parent company Meta for scraping personal data. The controversial technology is used to automatically read publicly accessible data en masse from websites or open interfaces (APIs) and process it on a large scale. As soon as personal information is involved, this is prohibited under the GDPR without the explicit consent of the data subject. The cases before the Federal Court of Justice concern the fact that a total of around 533 million data records with personal information of Facebook users from 106 countries appeared online in 2021.

Unknown third parties had previously taken advantage of the fact that Facebook made it possible, depending on the searchability settings of the respective user, to locate a profile using their telephone number. Using automated tools, they uploaded telephone numbers on a large scale via the network operator's contact import function, merged them with the publicly accessible information linked to a user account and then accessed this data. The Irish data protection authority DPC fined Meta 2022 €265 million as a result of the incident.

Anxiety, stress, loss of comfort and time

In Germany, plaintiffs claimed before several state courts that Meta had not taken sufficient security measures to prevent the contact tools from being exploited. They are entitled to compensation for non-material damages due to the annoyance they suffered and the loss of control over their own data. They had suffered anxiety, stress, loss of comfort and loss of time.

Meta is also obliged to compensate all future material and immaterial damages and to issue a cease-and-desist declaration. The defendant rejected the claims asserted because there was no breach of the GDPR. The plaintiffs had also not suffered any demonstrable causal damage.

Often settlements instead of judgments

Higher regional courts assessed the claims for damages differently, and several appeals ended up at the Federal Court of Justice (file ref.: VI ZR 22/24, VI ZR 7/24 as well as VI ZR 10/24 and VI ZR 186/24). Meta then attempted to avert supreme court rulings: The US group offered the plaintiffs out-of-court settlements, which they accepted. Until now, the BGH's hands were tied.

However, the new ZPO provisions now allow the judges in Karlsruhe to reach a decision on the legal issues even if an appeal has already been ruled out for procedural reasons. This is intended to enable a swift clarification by the highest court despite the withdrawal of appeals for tactical reasons or due to a settlement. A corresponding landmark ruling should then have a signal effect, especially for other potential lawsuits.

Cambridge Analytica scandal sends its regards

With the correspondingly upgraded appeal proceedings VI ZR 10/24, the VI Civil Senate now wants to clarify, for example, whether the default setting to "all" made by Meta when implementing the contact import function is a violation of the GDPR. It will also examine whether the mere loss of control over the data scraped and now linked to the cell phone number of the respective data subject is suitable to justify non-material damage within the meaning of the regulation, and what form compensation could take. The Federal Court of Justice has scheduled an oral hearing for November 11, 2024.

Scraping disputes surrounding Facebook date back to the Cambridge Analytica scandal that broke in 2018. In 2019, 419 million relevant data records also surfaced on the internet. Meta sued companies such as Voyager Labs and Bright Data, which specialized in scraping, in California in early 2023. The parent company of Facebook and Instagram accuses them of creating tens of thousands of fake profiles on Facebook alone and collecting publicly visible data about users of the social network on a large scale, thus spying on those affected and the service. Bright Data responded with a counterclaim, as public data on the platforms is not the property of Meta. In addition, the company had used Bright Data services itself.

(nie)