German Facebook Users Eligible For Compensation Over Data Breach

Millions of German Facebook users whose data was obtained and leaked in a major security breach are eligible for compensation, Germany’s highest civil court, the Federal Court of Justice (BGH), has ruled.

The Karlsruhe-based court found the users’ loss of control over their data was grounds for damages, without any requirement for the plaintiffs to prove specific financial losses or misuse of the data.

The BGH said its ruling was a guideline decision, meaning it can serve as a precedent for thousands of similar cases currently being processed by German courts.

In 2018 and 2019 unknown people scraped the data of some 533 million Facebook users worldwide and posted the data online.

Data scraping

The incident involved the misuse of the social network’s search tool, which allowed users to be identified by entering their phone numbers.

The scrapers used automated searches for millions of randomly generated phone numbers to access users’ data en masse.

Facebook parent Meta Platforms has downplayed the breach since the data was made public in April 2021, saying it did not involve hacking and that the company had already plugged the loophole.

The company refused to compensate users, saying they could not prove concrete losses.

About six million people in Germany were affected by the data leak.

The higher regional court in Cologne had rejected the legal claim, but must now reconsider it taking the BGH’s ruling into account.

The plaintiffs in the case considered by the BGH had demanded at least 1,000 euros ($1,056, £836) in compensation from Meta, but the BGH said a sum closer to 100 euros would be more suitable with no proof of financial loss.

Compensation claim

The ruling said the lower court must determine whether Facebook’s terms of use were transparent and comprehensible and whether users’ consent for use of their data was voluntary.

Meta said in a statement the BGH’s ruling was “inconsistent with the recent case law of the European Court of Justice, the highest court in Europe”.

“Similar claims have already been dismissed 6,000 times by German courts, with a large number of judges ruling that no claims for liability or damages exist,” the company said.

It said its systems had not been hacked and there was “no data breach”.

The data protection office of Ireland, where Meta’s European headquarters is located, fined the company 256m euros in 2022 over the leak following a more than year-long investigation.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Three UK Investigates After Outage Impacted Some 999 Calls

Thursday outage of Three UK network impacts thousands of people, with operator confirming some 999…

9 hours ago

CMA Secures Google Commitment To Tackle Fake Reviews

British competition watchdog secures undertaking from Google to tackle fake reviews, as Amazon probe continues

11 hours ago

Trump Signs AI ‘Free From Idealogical Bias’ Executive Order

After earlier revoking Biden's AI safety executive order, President Trump signs new executive order to…

13 hours ago

OpenAI’s ‘Operator’ Agent Automates Online Tasks

OpenAI launches AI agent called 'Operator' to automatically fill out forms, make restaurant reservations, book…

1 day ago

Pakistan’s Parliament Passes Bill For Strict Control On Social Media

Bill passed to give Pakistani government sweeping controls on social media, but critics argue it…

1 day ago

Indian Tribunal Suspends Meta’s Data Sharing Ban

After Meta had warned that India's data sharing ban could collapse WhatsApp's business model, tribunal…

1 day ago