Court rules email provider not required to disclose user inventory data

An email hosting service such as Google is not obliged to provide information about the personal data of its users. This applies even if email addresses attributable to it have been used for the publication of illegal content on another platform. This was clarified by the Munich Higher Regional Court (OLG) in a recently published decision dated August 26 (Ref.: 18 W 677/25 Pre e). In doing so, it overturned the decision of the lower court, the Regional Court of Munich I, from February (Ref.: 25 O 9210/24).

In the case, a German company from the automotive industry was portrayed negatively in several posts on an online platform on which current and former employees, applicants and apprentices can submit employer reviews throughout Europe, with captions such as "hui on the outside, pfui on the inside". According to the Cologne law firm LHR Rechtsanwälte, this was Kununu.

The automotive company considered the posts to contain untrue statements of fact and suspected criminal offenses such as defamation or libel. The company demanded information from the platform about the authors of the reviews. The only information the platform provided was the authors' email addresses, as it had not stored any other inventory data.

To obtain the personal information of the authors of the disputed posts –, in particular their name and address –, the company contacted the email hosting service that provided these email addresses. This was the operator of the service "G...mail".com, the regional court indicated in its original decision. LHR named Google as the provider. However, the US company refused to hand over the data.

No "chain information"

After the Munich Regional Court ordered the email service to hand over the data, Google successfully appealed to the Higher Regional Court, which rejected the request for information. In its decision, the higher court clarified that the Telecommunications Digital Services Data Protection Act (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz, TDDDG) – and therefore the basis on which the plaintiff company relied – is not applicable to the email provider. The decisive legal distinction is therefore between digital services such as forums, rating platforms and social networks on the one hand and telecommunications services such as telephony, chat and email services on the other.

The OLG classified the email provider as an interpersonal communication service that falls within the scope of the Telecommunications Act (TKG). While the TDDDG provides for an obligation to provide controversial inventory data information for digital services under certain circumstances, there are different regulations for telecommunications services. According to Section 174 TKG, there is an obligation to provide information to authorities such as the police or public prosecutor's office, but not to private individuals or companies.

The Munich Higher Regional Court also emphasized that Google was not directly involved in the infringement in the form of the negative reviews. The harmful content had not been distributed on the provider's website, but on the separate review platform. The OLG elaborated that the TDDDG does not provide for "chain information" from one service to the next –, i.e. in this case from the review portal to the email service –. The legislator had made it clear in the TDDDG that only the service provider whose service was directly used for the infringement was obliged to provide information.

A deliberate loophole in the law

The OLG also recognized that this classification creates a legal protection loophole: if a platform has no data apart from an email address, the victim of defamation cannot assert any civil claims against the author. However, the court made it clear that this gap should not be closed by extending the obligation to provide information to other service providers without cause. It referred to planned amendments to the law that are intended to close such a loophole by extending the obligation to provide information about IP addresses.

The decision is not yet legally binding. As the decision is of fundamental importance for the legal demarcation of online services and has yet to be clarified by the highest court, the OLG has allowed an appeal on points of law. This paves the way in principle for a ruling by the Federal Court of Justice (Bundesgerichtshof, BGH).

(vbr)