Overview

• The German Federal Court of Justice (BGH) confirmed that consumer protection organizations can sue companies for data protection violations under GDPR.
• Facebook was found in breach of GDPR for inadequate transparency in its 2012 'App Center,' where third-party games collected user data without clear consent.
• The decision follows guidance from the European Court of Justice, which affirmed the legal standing of consumer groups to act on behalf of users.
• The ruling emphasizes the importance of informing users about the type, scope, purpose, recipients, and legal basis of data collection and processing.
• This landmark decision reinforces GDPR enforcement and highlights the economic significance of data transparency for internet-based business models.