CJEU - C-757/22 - Meta Platforms
CJEU - C-757/22 Meta Platforms | |
---|---|
Court: | CJEU |
Jurisdiction: | European Union |
Relevant Law: | Article 12(1) GDPR Article 13(1)(c) GDPR Article 13(1)(e) GDPR Article 80(2) GDPR Paragraph 4, Law on injunctions against infringements of consumer law and other infringements |
Decided: | 25.01.2024 |
Parties: | Meta Platforms Ireland Limited Bundesverband der Verbraucherzentralen und Verbraucherverbände – Verbraucherzentrale Bundesverband e.V. |
Case Number/Name: | C-757/22 Meta Platforms |
European Case Law Identifier: | ECLI:EU:C:2024:88 |
Reference from: | Bundesgerichtshof (Federal Court of Justice, Germany) |
Language: | 24 EU Languages |
Original Source: | AG Opinion |
Initial Contributor: | n/a |
Advocate General Richard De La Tour opines that failure to provide information prior to the processing of personal data could lead to unlawful processing of personal data and justify a complaint by not-for-profit organizations under Article 80 GDPR.
English Summary
Facts
Meta Platforms owns the popular social networking site Facebook. Data subjects who tried to make use of Facebook's third party "App Centre" containing games in Germany were forced to accept the general terms, conditions and data protection policies of third-party gaming apps when they accessed the App Centre. This authorized the third-party apps to make posts such as score and photos, about the user on the Facebook platform.
The Bundesverband der Verbraucherzentralen und Verbraucherverbände – Verbraucherzentrale Bundesverband e.V. (Federal Union of German Consumer Organizations, Germany) succesfully brought a representative action under Article 80(2) GDPR at the Regional Court, Berlin seeking injunction against Meta for violation of consumer protection law. Meta appealed this decision first to the Higher Regional Court, Berlin, then to the Federal Court of Justice, which sought a preliminary reference ruling from the Court of Justice.
Holding
The Advocate General (Richard De La Tour) opined that the obligation to provide on controllers to provide information about reasons for processing personal data, legal basis for processing, and intended recipient of personal data does not by itself amount to processing of personal data. However, where this provision is not complied with, it could lead to personal data being processed unlawfully.
Therefore, he opines that the provision of information required by articles 12(1) and 13(1) GDPR could be a condition precedent to determine the lawfulness of any subsequent processing of personal data. Where the data controller fails to comply with this prerequisite, a not-for-profit organization would have the legal standing to bring a representative action against the data controller for breach of data subject rights, even where the data subject has not expressly asked the organization to do so, and where the actual processing of the personal data is yet to take place.
The AG further opines that Article 80(2) GDPR must be interpreted in this way to safeguard the rights of the data subjects under the GDPR.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!