The dispute between different courts over whether data breaches can be warned by competitors is somewhat similar to whether and what influencers need to identify. In both cases we have new legal issues, courts that have decided differently and felt for each resolved problem two new ones.
However, the Stuttgart Regional Court has now also ruled that GDPR infringements cannot be admonished. It thus joins the District Court of Magdeburg(see this post), but thus contradicts the District Court of Berlin(more on this here). Notes on a few other decisions can also be read in this post.
Unfortunately, there is no legal certainty at the moment, because even lawyers are probably divided on this.
If you go the safe way and get a pre-prepared privacy policy, which should be sufficient in many cases, you should, however, observe the license determination of the providers and in no case copy the declaration from other pages. Just because some providers offer the privacy statements free of charge or very cheap does not mean that they are royalty-free. Often, for example, the name of the provider, including linking, must appear or similar rules must be adhered to. Failure to do so threatens warnings, some of which have been on the move recently.