Search
Contact
03.06.2020 | KPMG Law Insights

GDPR: Federal Court of Justice refers question on standing of consumer protection associations to European Court of Justice for preliminary ruling.

GDPR: Federal Court of Justice refers question on standing of consumer protection associations to European Court of Justice for preliminary ruling.

In its decision of May 28, 2020, the German Federal Court of Justice referred to the European Court of Justice the question of whether consumer protection associations are authorized to pursue violations of data protection law by way of an action, irrespective of the infringement of specific rights of individual data subjects and without a mandate from a data subject.

Background
In 2013, the umbrella organization of consumer advice centers in the German states filed a lawsuit for injunctive relief against a social network. The defendant had made free online games from other providers available to its users. The plaintiff complains, among other things, that the data privacy notices under the corresponding “Play Now” button do not comply with the legal requirements for obtaining effective user consent under data privacy law due to a lack of transparency.
The district court had sentenced the defendant as requested. The defendant’s appeal was also unsuccessful. The Federal Court of Justice now has to rule on the admissibility of the consumer protection association’s action on appeal and, if necessary, on the injunctive relief sought.
Since an interpretation of provisions of the General Data Protection Regulation is required to assess the standing of consumer associations to bring an action, the proceedings were suspended and the question was referred to the Court of Justice of the European Union for a preliminary ruling.

Legal classification
The question of whether the umbrella organization of consumer associations in the German states is authorized to bring this action depends, among other things, on the interpretation of Article 80 of the GDPR, which governs the authority to assert rights based on violations of data protection law. In the opinion of the Federal Court of Justice, the decisive question is whether Article 80 of the GDPR conclusively regulates the enforcement of the data protection provisions set out in this Regulation, a question that is also disputed in the case law of the courts of instance and in the legal literature.
If this regulation were to be final, the consumer protection association would not be authorized to bring this action because the necessary requirements of the General Data Protection Regulation have not been met. If the provisions do not preclude further, deviating regulations, the action for injunctive relief would in any case be admissible under German law.
It is therefore questionable whether, in addition to the provisions of European law, the provision in German laws, such as the Unfair Competition Act and the Injunctions Act, also apply. These grant associations, institutions and chambers as well as competitors the power to take action against the controller by way of a lawsuit before the civil courts for violations of the General Data Protection Regulation, irrespective of the violation of specific rights of individual data subjects and without a mandate from a data subject.
The European Court of Justice had already ruled in its judgment of July 29, 2019, that the provisions of the Data Protection Directive, which applied until the entry into force of the General Data Protection Regulation on May 25, 2018, do not preclude associations from bringing an action. In this decision, the European Court of Justice left open whether this right of action continues to apply under the now applicable General Data Protection Regulation.

Evaluation
Among other things, the decision in these proceedings has implications for the question of whether competitors can also pursue violations of data protection law under competition law aspects. Should the ECJ affirm the right of action, it cannot be ruled out that the wave of warning letters feared since the entry into force of the GDPR will occur. The decision thus has significant implications for all companies.

Explore #more

11.03.2025 | In the media

KPMG Law Interview with HAUFE: LkSG after the elections – everything new?

Many companies have made considerable efforts to implement the Supply Chain Due Diligence Act. The political discussion about its abolition is now causing uncertainty. KPMG…

07.03.2025 | In the media

Guest article in unternehmensjurist: Implementing the requirements of the BFSG correctly

The Barrier-Free Accessibility Reinforcement Act requires companies to offer certain products and services without barriers. The obligations vary depending on the role in business transactions.…

05.03.2025 | In the media

KPMG Law Statement in TextilWirtschaft: What the changes from Brussels mean for the fashion industry

It’s now official: the EU Commission will massively simplify the planned sustainability reporting. The Supply Chain Law Initiative examines the announced changes to the CSDDD…

28.02.2025 | In the media

KPMG LLP Launches KPMG Law US – The First Big Four Law Firm Serving The US Market

The Supreme Court of the US state of Arizona has granted KPMG US the license for KPMG Law US. As of February 27, 2025, KPMG…

27.02.2025 | In the media

KPMG Law Statement in the ESGZ: The current opinion

Is the German Supply Chain Act sufficient to hold companies accountable, or do we need stricter liability rules for human rights and environmental violations? KPMG…

26.02.2025 | KPMG Law Insights

First Omnibus Package to relax the obligations of the CSDDD, CSRD and EU taxonomy

The EU Commission has today published the draft of the first announced Omnibus Package. With the first directive as part of the omnibus initiative,…

24.02.2025 |

Digitization of administration – the digital driver’s license is a first step

The introduction of digital driver’s licenses and vehicle documents recently approved by the Federal Cabinet marks a significant milestone in the digitalization of modern administration.…

21.02.2025 | In the media

Guest article in Betriebs Berater: Overview of regulation for securities institutions

Since the Securities Institutions Act (WpIG) came into force on June 26, 2021, securities institutions have had their own supervisory regime. In addition to the…

21.02.2025 | KPMG Law Insights

Money laundering prevention: BaFin calls on financial sector to act

The German Federal Financial Supervisory Authority (BaFin) is calling on the financial sector to pay greater attention to money laundering prevention. In its report “Risks…

18.02.2025 | KPMG Law Insights

AI compliance: important legal aspects at a glance

Human intelligence draws on experience, emotion and intuition. Artificial intelligence (AI), on the other hand, processes vast amounts of data in fractions of a second.…

Contact

Sebastian Hoegl, LL.M. (Wellington)

Senior Manager
Lawyer
Specialist lawyer for IT law
LL.M. (Wellington)

Heinrich-von-Stephan-Straße 23
79100 Freiburg im Breisgau

Tel.: +49 761 769999-20
shoegl@kpmg-law.com

© 2024 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit https://home.kpmg/governance.

 KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.

Scroll