The First Civil Senate of the German Federal Court of Justice, which is responsible among other things for claims under the Unfair Competition Act, today stayed proceedings pending before it by the Federation of German Consumer Organizations against Facebook for violations of data privacy law pending a decision by the Court of Justice of the European Union in a preliminary ruling submitted to it by the Düsseldorf Higher Regional Court.
The Regional Court had ordered Facebook to refrain from presenting games on its website in an app center in such a way that users of the Internet platform, by clicking on a button such as “Play game”, make the declaration that the operator of the game receives information about the personal data stored there via the social network operated by the defendant and is authorized to transmit (post) information on behalf of the users. Facebook’s appeal was unsuccessful.
The Federal Court of Justice has now decided the proceedings by analogous application of Section 148 (1) of the German Civil Code. 1 ZPO suspended until the Court of Justice of the European Union has ruled in Case C-40/17 on the reference for a preliminary ruling from the Oberlandesgericht Düsseldorf (Düsseldorf Higher Regional Court) of January 19, 2017 (ruling of January 19, 2017 – I-20 U 40/16). In these proceedings, which concern Facebook’s “Like” button, the Higher Regional Court referred to the Court of Justice of the European Union for a preliminary ruling the question of whether the provisions in Articles 22 to 24 of Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data (Data Protection Directive) preclude a national provision which – like Section 8 para. 3 No. 3 UWG – Gives non-profit associations to protect the interests of consumers the power to take action against the infringer in the event of a breach of data protection rules. This question is also relevant to the present legal dispute and cannot be answered beyond doubt. It is possible that the Data Protection Directive allows infringements to be prosecuted solely by data protection authorities and data subjects, and not by associations.
This should therefore not only be an interesting decision on Facebook’s handling of data protection, but also on the question of whether or not DSGVO violations can only be warned by data protection authorities in the future, or how the relationship of the DSGVO to the UWG will be viewed in the future.