In proceedings against two defendants – a 53-year-old lawyer based in Berlin and his 41-year-old client, the alleged representative of an “IG Datenschutz” – search warrants were executed in Berlin, Hanover, Ratzeburg and Baden-Baden by the police on behalf of the Berlin public prosecutor’s office at the end of last year on suspicion of (partly) attempted warning fraud and (attempted) extortion in at least 2,418 cases, as well as two arrest warrants with a total sum of 346,000 euros.
The defendants are accused of having warned private individuals and small traders throughout Germany who have used so-called “Google Fonts” – an interactive directory with over 1,400 fonts that determine the typeface of a website – on their homepages. At the same time, they were offered the opportunity to avoid civil proceedings by paying a settlement sum of 170 euros each. The defendants are said to have been aware that the alleged claims for damages for pain and suffering due to violation of the right to informational self-determination did not exist. Accordingly, they are also said to have known that there was no reason for the persons addressed to reach a corresponding settlement, as they would not have been able to enforce the alleged claims in court. The threat of legal proceedings is therefore said to have been made only with the aim of arousing the willingness to settle.
Google Fonts is a tool that is provided license-free by the company Google for website operators. Internet pages that use this usually transmit the Internet Protocol (IP) address automatically to the company Google in the USA without the knowledge and consent of visitors to the website. Against this background, the Munich Regional Court ruled in its judgment of January 20, 2022 (Case No. 3 O 17493/20) that the automatic disclosure of the IP address (as a personal data) by the operator of a website constitutes an infringement of data protection law to which the visitor to the site has not consented. This approach is therefore likely to be a violation of the General Data Protection Regulation and thus also a corresponding right to injunctive relief if an uninitiated user visits such a website.
The defendants, however, are not said to have been clueless: Using specially programmed software, they are said to have first identified websites that use Google Fonts. In a second step, and again using software developed for this purpose, you are said to have automated website visits by the accused 41-year-old, thus ultimately faking them. The website visits then logged are said to have been the basis for the allegation of data privacy violations and the assertion of claims for damages for pain and suffering, which could allegedly have been averted by accepting the “settlement offer.”
The defendants are therefore alleged to have deceived about the fact that a person visited the websites (and not actually a software). In the absence of a person, however, there would then be no violation of a personal right.
Since they are also said to have deliberately made these visits in order to trigger the transfer of IP addresses to the U.S., they would in fact also have consented to the transfer, so that there was no longer any breach of data protection law that could have justified a warning.
In some cases, no data was transferred to the U.S. at all, but a claim based on this was nevertheless asserted.
By the end of last year, the Berlin public prosecutor’s office had received 420 reports from “warning parties” who ultimately did not pay. However, the analysis of the defendants’ account records shows that around a further 2,000 people accepted and paid the “settlement offer” out of concern about civil proceedings and in the incorrect assumption that the alleged claim actually existed.
The searches led to the discovery of evidence, in particular documents and data carriers, which must now be evaluated. Among other things, they should provide further information about the number, selection criteria and identity, actual sales and the exact procedure.