OLG München - 18 U 2822/19 Pre: Difference between revisions

From GDPRhub
mNo edit summary
Line 73: Line 73:
The plaintiff has appealed.
The plaintiff has appealed.
===Dispute===
===Dispute===
Has the defendant's General Terms and Conditions violated section 13(6) of the German Telemedia Act (TMG)  or [[Art. 4 GDPR#7|Art. 4(7) GDPR]] and [[Art. 25 GDPR#1|Art. 25(1) GDPR]]?  
Has the defendant's General Terms and Conditions violated section 13(6) of the German Telemedia Act (TMG)  or [[Art. 4 GDPR#7|Article 4(7) GDPR]] and [[Article 25 GDPR#1|Artcicle 25(1) GDPR]]?  


===Holding===
===Holding===
The Higher Regional Court Munich dismissed the appeal and found that the plaintiff cannot derive a claim to the use of a pseudonym in the context of his own profile from the nature of the contract of use concluded with the defendant. The Court held that the defendant's policy on clear names did not require the consent of the users pursuant to [[Article 6 GDPR#1a|Art. 6(1)(a) GDPR ]]and [[Art. 7 GDPR]], therefore there was no violation of these provisions. If a service is described and a user agrees to enter into a contract for the described service, it is a matter of data processing operations that are necessary to enable the performance of such services pursuant to [[Art. 6 GDPR#1b|Art. 6(1)(b) GDPR]].
The Higher Regional Court Munich dismissed the appeal and found that the plaintiff cannot derive a claim to the use of a pseudonym in the context of his own profile from the nature of the contract of use concluded with the defendant. The Court held that the defendant's policy on clear names did not require the consent of the users pursuant to [[Article 6 GDPR#1a|Article 6(1)(a) GDPR ]]and [[Article 7 GDPR]], therefore there was no violation of these provisions. If a service is described and a user agrees to enter into a contract for the described service, it is a matter of data processing operations that are necessary to enable the performance of such services pursuant to [[Art. 6 GDPR#1b|Article 6(1)(b) GDPR]].


==Comment==
==Comment==

Revision as of 13:14, 14 March 2021

OLG München - 18 U 2822/19 Pre
Courts logo1.png
Court: OLG München (Germany)
Jurisdiction: Germany
Relevant Law: Article 4 GDPR
Article 7 GDPR
Article 25(1) GDPR
§ 3 (7) BDSG
§ 1 (5) BDSG
§ 13 (6) TMG
Art. 5 (1)(1) GG
Decided: 08.12.2020
Published:
Parties:
National Case Number/Name: 18 U 2822/19 Pre
European Case Law Identifier:
Appeal from: LG Traunstein
8 O 3510/18
Appeal to:
Original Language(s): German
Original Source: Bayern.Recht (in German)
Initial Contributor: Agnieszka Rapcewicz

The Higher Regional Court Munich dismissed the appeal of a social network user who was seeking recognition that he was not obliged to apply the defendant's terms and conditions in respect of using his clear name on his profile, not a pseudonym. In the Court's view, the social media operator was entitled to introduce the above provisions into the terms and conditions, because a comparison of the rights of the platform operator and the user shows that the defendant's position was justified and was aimed at deterring users from illegal, abusive, harmful activities on the Internet.

English Summary

Facts

The defendant's parent company with its registered office in California operates the social network "www.f...com. For users in Europe, the defendant is the provider and contractual partner. The plaintiff maintains a private user account with the defendant. According to the defendant's current terms of use: "When people stand behind their opinions and actions, our community is safer and more accountable. For this reason, you must do the following: - Use the same name you use in your daily life."

The plaintiff had originally given himself the profile name using a pseudonym. In March 2018, the defendant asked the plaintiff to verify his name within the next seven days. The plaintiff was told that after this period, he could not log back in until he updated his name. He was asked the question, "Is ... the name you also use in everyday life?" Under "Your answer", the following alternative was given: "Yes, confirm the name" or "No, change the name". On 23.03.2018, the plaintiff was blocked by the defendant. After he changed his profile name to "...", the block was lifted on the same day.

The plaintiff requested the defendant to declare that its terms of use in the scope of the obligation to use a clear name did not apply to the plaintiff. Moreover the plaintoff requested to allow the profile name to be changed to his pseudonym. The defendant did not comply with these requests. The plaintiff has taken the case to court. In its final judgment of 2 May 2019, the Regional Court dismissed the action in its entirety.

The plaintiff has appealed.

Dispute

Has the defendant's General Terms and Conditions violated section 13(6) of the German Telemedia Act (TMG) or Article 4(7) GDPR and Artcicle 25(1) GDPR?

Holding

The Higher Regional Court Munich dismissed the appeal and found that the plaintiff cannot derive a claim to the use of a pseudonym in the context of his own profile from the nature of the contract of use concluded with the defendant. The Court held that the defendant's policy on clear names did not require the consent of the users pursuant to Article 6(1)(a) GDPR and Article 7 GDPR, therefore there was no violation of these provisions. If a service is described and a user agrees to enter into a contract for the described service, it is a matter of data processing operations that are necessary to enable the performance of such services pursuant to Article 6(1)(b) GDPR.

Comment

The Higher Regional Court Munchen found the following:

The Court found that the Regional Court had correctly assumed that the policy on clear names did not require the consent of the users pursuant to Art. 6(1)(a) GDPR and Art. 7 GDPR. As part of the specification of services, the policy on the use of clear names could not be subject to review under Sections 307 et seq. of the German Civil Code. Moreover, if a service is described and a user agrees to enter into a contract for the described service, it is a matter of data processing operations that are necessary to enable the performance of such services pursuant to Art. 6(1)(b) GDPR. Contrary to the plaintiff's view, the Plain Name Policy, which uses precise and easy-to-understand language, is also transparent. The Higher Regional Court held that Section 13 (6) sentence 1 of the German Telemedia Act (TMG) applies to the contractual relationship between the Parties, unless this provision is superseded by the application of higher-ranking law, in particular the General Data Protection Regulation. Contrary to the defendant's view, Section 13 (6) TMG is not superseded by the primacy of application of the General Data Protection Regulation. However, this is only because a contradiction between the overriding provisions of the General Data Protection Regulation and Section 13 subsec. 6 sentence 1 TMG can in any case be avoided by the required interpretation of this provision in conformity with EU law. With regard to the mandatory requirements of European data protection law, the Regional Court correctly found that the defendant cannot be expected to allow the use of the "F." services offered under a pseudonym against its will. National data protection laws can only contain national implementing, enforcement and special provisions and apply only subsidiarily (Section 1 (3) BDSG). The supranationally founded law of the European Union does not have a law-destroying (derogating) effect vis-à-vis the law of the Member States, but only pushes back its application to the extent required by the Treaties and permitted by the orders to apply the law issued by the law of consent. In this context, it is for the domestic courts to interpret the provisions of national law as far as possible in such a way that they can be applied in a manner that contributes to the implementation of Union law. The obligation of the service provider under Section 13 (6) sentence 1 of the German Telemedia Act (TMG) to enable anonymous or pseudonymous use of telemedia is in conflict with the provisions of the General Data Protection Regulation. The contradiction between the provision of Section 13 (6) sentence 1 TMG and the provisions of the General Data Protection Regulation can be resolved by interpreting the former provision in conformity with EU law. Section 13 subsec. 6 sentence 1 TMG only obliges the provider of telemedia to enable their use anonymously or under a pseudonym to the extent that this is reasonable. The reasonableness is to be determined within the framework of a proportionality test related to the specific case, in which the interest of the provider is to be weighed against the user's right to informational self-determination. As the Regional Court rightly recognised, this weighing is in favour of the defendant in the present case, the interest pursued by the defendant in requiring users to use their true name is not exhausted by being able to identify users more easily in the event of violations of its terms of use. In view of the meanwhile widespread socially harmful behaviour on the internet - cyber bullying, harassment, insults and hate speech - the defendant has a legitimate interest in having a preventive effect on its users. The Senate shares the view of the Regional Court that the obligation to use the true name is in principle suitable to deter users from unlawful conduct on the internet. When using a pseudonym, the inhibition threshold is significantly lower according to general life experience. Against this, the plaintiff cannot object that the obligation to use the true name had no inhibiting effect because the negative behaviour described had massively increased on the internet in recent years despite the existing obligation to use a clear name. The fact that individual users commit breaches of the terms of use even using their own name does not justify the conclusion drawn by the plaintiff that the obligation to use a clear name pursued by the defendant would be unsuitable from the outset to achieve the intended goals. Additionally, the Court pointed out that according to the principle of private autonomy applicable in civil law, the contracting parties are generally free to determine performance and consideration; in the absence of statutory provisions, a standard of review is also regularly lacking in this respect. However, the exemption from content review only applies to agreements on the direct subject matter of performance, whereas provisions that restrict, change, shape or modify the user's obligation to perform must be reviewed in terms of content. This leaves only the narrow area of provisions for the description of performance exempt from review, without the existence of which an effective contract can no longer be assumed due to the lack of certainty of the essential content of the contract. Based on this standard, only the description of the services offered by the defendant ("products of the F. companies") constitutes a description of services that is exempt from content control. By contrast, the obligation to use the name also used in everyday life, which is regulated in clause 3 of the terms of use, fleshes out the content of the defendant's main service promise to its users to be able to use the services offered and restricts it with regard to the use of pseudonyms. This clause is not subject to the exceptional circumstances of section 307 (3) sentence 1 BGB. The plaintiff rightly points out that, according to the case-law of the Federal Constitutional Court and the Federal Court of Justice, anonymous statements or statements made under a pseudonym are also covered by the fundamental right of freedom of expression (Article 5(1) sentence 1 of the Basic Law) and that anonymous use is inherent in the internet In the context of the proportionality test, however, it must be taken into account that there are other social networks besides the defendant that follow a different basic principle and do not require open communication with real names and data, such as Instagram, which is also operated by the "F." group of companies, or YouTube. Insofar as the plaintiff disputes the lack of effective consent pursuant to Art. 7, 4 No. 11 GDPR with regard to the requirement to use a clear name, it cannot be heard on this point. The Senate is unable to recognise the requirement of a specific consent with regard to the clause at issue. Moreover, it must be taken into account that Article 6 of the GDPR contains further admissibility criteria for data processing in addition to the consent of the data subject, of which, in view of the above considerations, Article 6(1)(f) of the GDPR would have to be considered relevant in any case due to the legitimate interests of the defendant. The decisive question in the dispute, whether an obligation to use the real name provided for in the terms of use of a social media platform is effective and Section 13 subsec. 6 sentence 1 TMG does not preclude this obligation - possibly also as a result of displacement or interpretation in the light of the General Data Protection Regulation - has - as far as can be seen - not yet been decided by the highest courts. In the relevant commentary literature, different opinions are held on this. In view of the importance and scope of the platform "F." operated by the defendant, the question appears to be in need of clarification because it may arise in an indefinite number of cases.


Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the German original. Please refer to the German original for more details.

Tenor
I. The plaintiff's appeal against the final judgment of the Regional Court of Traunstein of 02.05.2019, Ref.: 8 O 3510/18, is dismissed.
II. With regard to the withdrawn appellate claims with numbers 3 to 12, the plaintiff is deprived of the appeal filed.
III. the costs of the appeal proceedings shall be borne by the plaintiff.
IV. The judgment is provisionally enforceable against security in the amount of 110% of the amount to be enforced.
V. The appeal is admitted.
Reasons for the decision
I.
1
After withdrawing the remainder of his appeal, the plaintiff now only demands that the defendant refrain from preventing him from changing the profile name he uses for his profile on the social media platform www.f..com, which is operated by the defendant. In the matter, the parties dispute whether the plaintiff is entitled to appear under a pseudonym in the context of his own profile.
2
The Traunstein Regional Court made the following findings of fact, insofar as they are still relevant for the appeal proceedings:
The defendant's parent company with its registered office in California operates the social network "www.f...com". For users in Europe, the defendant is the provider and contractual partner. The plaintiff maintains a private user account with the defendant. The defendant's current terms of use state in section 3, inter alia:
"When people stand behind their opinions and actions, our community is safer and more accountable. For this reason, you must do the following: - Use the same name you use in your daily life."
3
The plaintiff had originally given himself the profile name "...". In March 2018, the defendant asked the plaintiff to verify his name within the next seven days. The plaintiff was told that after this period, he could not log back in until he updated his name. He was asked the question, "Is ... the name you also use in everyday life?" Under "Your answer", the following alternative was given: "Yes, confirm the name" or "No, change the name". On 23.03.2018, the plaintiff was blocked by the defendant. After he changed his profile name to "...", the block was lifted on the same day.
4
By lawyer's letter of 26.03.2018 (Annex K 13), the plaintiff requested the defendant, setting a deadline of 09.04.2018, to declare that it did not apply the obligation to use a clear name from its terms of use to him, to allow the change of the profile name to "..." and to indemnify him from the pre-court lawyer's fees. The defendant did not comply with these requests. In his written statement of 16 November 2018 (p. ...), to the contents of which reference is made, the plaintiff extended his action by various further requests.
5
In its final judgment of 2 May 2019, the Regional Court dismissed the action in its entirety. It essentially justified the dismissal of the claim still maintained after the partial withdrawal of the appeal as follows:
6
The obligation to use a clear name regulated in No. 3 of the defendant's general terms and conditions was not invalid due to a violation of Section 13 (6) of the German Telemedia Act (TMG), according to which the service provider must enable the use of telemedia anonymously or under a pseudonym, insofar as this is technically possible and reasonable. In this context, it was irrelevant whether the statutory provision applied at all. The defendant could not reasonably be expected to use the services offered by it under a pseudonym, at least not in the sense of the provision.
7
The reasonableness was to be determined within the framework of a proportionality test related to the specific case, in which the interest of the provider was to be weighed against the user's right to informational self-determination. The plaintiff correctly pointed out that the obligation to appear on one's own profile under one's true name was not necessary in order to be able to hold a user accountable for any violations of the terms of use. According to the general view, the defendant could demand that the user identify himself to the defendant when registering. However, the defendant's interest was not limited to enabling the identification of the user for the purpose of taking repressive measures. Rather, it had a legitimate interest in users appearing under their true name - not necessarily their civil name. It had to be admitted to the plaintiff that acting under his real name would result in his statements being directly attributed to him, in particular by persons who were interested in him or his statements. The plaintiff feared reprisals from representatives of the "left-wing scene". However, he did not cite any concrete incidents. In contrast, however, the defendant had an overriding interest in taking preventive action against its users, particularly in view of the now widespread negative behaviour such as cyber-bullying, harassment, insults, threats and hateful posts. According to the court's conviction, such posts would cease, or at least be inhibited, under the compulsion of using the true name. When using a pseudonym, the inhibition threshold was much lower. The Chamber was convinced that there was a connection between anonymity and disinhibited, hurtful and dangerous behaviour. Prevention was also of considerable interest to the defendant because it could not be expected to allow itself to be referred to the possibility of subsequent sanctioning of a violation. This was because the imposition of sanctions caused considerable expense for the defendant, which, moreover, initially saw itself as the person causing the disturbance and therefore exposed to claims by the person affected by the infringement.
8
The clause was also not invalid because it violated Articles 4 and 7 of the GDPR. It did not concern a duty of consent with regard to the registration procedure. However, this could be irrelevant, because German data protection law was not applicable anyway. The responsible body within the meaning of section 3(7) of the BDSG for the decision on the collection, processing and use of personal data was the defendant, which had its registered office in Ireland. Irish data protection law was therefore applicable.
9
The Hamburg Commissioner for Data Protection and Freedom of Information was of the opinion that German data protection law applied pursuant to § 1.5 sentence 1 BDSG in conjunction with Art. 4.1 lit. A of Directive 95/46/EC, because in a Directive-compliant interpretation of § 1.5 sentence 1 BDSG the activities of the German branch F. G. GmbH, which is located in Hamburg, is decisive. However, this was not to be followed. The decision of the European Court of Justice on Google Spain (judgement of 13 May 2014, ref.: C-131/12), on which the Hamburg data protection commissioner based his view, could not be applied to social networks because the facts were different. While, from the perspective of the European Court of Justice, an extensive extension of the concept of establishment was necessary in order to justify the application of European data protection law to Google Inc. in accordance with the protective purpose of Directive 95/46/EC, this purpose was already sufficiently taken into account in the case of the defendant by the application of Irish data protection law.
10
The first instance judgment was served on the plaintiff on 07.05.2019. The plaintiff filed an appeal in a written statement dated 5 June 2019, received by the Munich Higher Regional Court on the same day, and substantiated it in a further written statement dated 28 September 2019, received on the same day, after the period for substantiating the appeal had been extended with the consent of the defendant until 30 September 2019.
11
In support of his appeal, the plaintiff essentially states - to the extent that it is still relevant after the withdrawal of the applications for appeal with paragraphs 3 to 12:
12
He has a claim that the defendant does not prevent him from changing his profile name. As already stated in the application, the provision in the defendant's General Terms and Conditions concerning the obligation to use a clear name was unlawful. In examining whether there had been a violation of Section 13(6) of the German Telemedia Act (TMG), which also serves to protect freedom of expression, the Regional Court failed to recognise that the obligation to use the true name could prevent the user from making a permissible expression of opinion. This applies in particular if the user wishes to participate in a permissible but critical manner in topics that affect the public and may be controversial, but must fear being unjustly persecuted, harassed, threatened or publicly disparaged and pilloried with his or her name. The Federal Court of Justice had already stated ten years ago that anonymous use was inherent in the internet (cf. BGH, judgment of 23 June 2009 - VI ZR 196/98).
13
Even if Section 13 (6) of the Telemedia Act were not applicable, the plaintiff's consent would not be effective. Article 25(1) of the GDPR expressly requires the provider to allow pseudonyms where necessary within the framework of the provisions on technical measures.
14
Irrespective of the violation of Section 13 (6) TMG, the defendant's policy of using pseudonyms was also contrary to morality. Furthermore, the Regional Court had failed to recognise that harassment, insults, threats and other negative virtual behaviour had increased massively in recent years despite the obligation to use a clear name. The obligation to use a clear name therefore did not lead to a corresponding inhibition. Moreover, anyone who engaged in such negative behaviour was aware that they could be prosecuted even if they used a pseudonym. It was therefore not necessary to use a clear name in order to enforce a user's responsibility for the content of his posts.
15
With his appeal, the plaintiff had originally pursued all of the motions filed at first instance. After the appeal hearing on 01.09.2020, he withdrew the applications on appeal with numbers 3 to 12 in his written statement of 25.09.2020 and now only requests:
1. the judgment of the Traunstein Regional Court of 02.05.2019 - Ref.: 8 O 3510/18 - is set aside.
2. the defendant is ordered to refrain from preventing changes to the plaintiff's profile name on his own profile ( ...) on www.f...com. In the event of a violation, the defendant is threatened with an administrative fine of up to €250,000, in lieu of which it may be held in custody, or with administrative imprisonment, to be enforced on the members of the management board.
16
The defendant applies for
Dismissal of the appeal.
17
In defence of the judgment dismissing the action, the defendant essentially states the following - insofar as this is still of interest after the partial withdrawal of the appeal:
18
Its policy on clear names, which applies to all "F." users in the European Union, is an effective means of improving the security of users and the culture of communication on "F.". It ensures that users know the identity of the people they interact with and makes them more accountable for what they say online. According to general life experience, the inhibition threshold with regard to inappropriate, insulting or even punishable statements towards third parties is higher when a true name visible to the addressee is used than when a pseudonym is used.
19
The applicant's application threatens to undermine a central component of the General Data Protection Regulation (GDPR): The protection of the free movement of data within the European Union. Recital 10(f) of the GDPR emphasises that the rules protecting the fundamental rights and freedoms of individuals with regard to the processing of personal data should be applied evenly and consistently throughout the Union. With his action, the plaintiff wanted to enforce national restrictions that directly contradicted harmonised European data protection law. The defendant's policy on clear names had been examined by the competent Irish data protection authority at the place of the defendant's head office in accordance with the harmonised European data protection standards and had been expressly declared to be in conformity therewith. On this basis, the defendant must be allowed to use and enforce its Blank Name Policy as a central element of its service when operating its service within the European Union in exercise of its freedom to process and move data within the European Union, as concretised in the General Data Protection Regulation.
20
The plaintiff overlooks the fact that the provision of Section 13(6) TMG, on which it bases its argument, conflicts with the principles of European data protection law. At European level, there was no provision comparable to Section 13(6) TMG. With the introduction of the General Data Protection Regulation, the European legislator had wanted to avoid a fragmentation of data protection law, which the previous Directive 95/46/EC had not been able to prevent. Recital 10 of the GDPR clearly prohibits national laws that conflict with the objective of creating a uniform level of data protection and removing obstacles to the free flow of personal data within the European Union. The GDPR allows national legislation only in accordance with the requirements of Art. 85 et seq. and Art. 23. None of these provisions allows a Member State to introduce an obligation for ISPs to allow their users to communicate under a false name or anonymously.
21
For the aforementioned reasons, literature and data protection authorities agree that Section 13(6) TMG expired with the introduction of the General Data Protection Regulation. The provision had already been in conflict with the earlier Data Protection Directive. The European Court of Justice had ruled in the case of ASNEF and FECEMD (C-468/10 and C-469/10, ECLI:EU:2011:777) that the Member States may neither introduce new principles concerning the permissibility of the processing of personal data in addition to Article 7 of Directive 95/46 nor impose additional conditions which would alter the scope of one of the six principles provided for in that Article (loc. cit., para. 32). § Section 13(6) of the Telemedia Act introduces a rule-exception relationship not contained in Article 7(f) of Directive 95/46/EC, according to which telecommunications service providers are in principle obliged to enable service use under a pseudonym unless this is unreasonable for them. The same applies to Article 6(f) of the GDPR, which is why there is no room for a national provision such as Section 13(6) of the Telemedia Act.
22
Irrespective of this, Section 13(6) of the German Telemedia Act (TMG) was not applicable because, according to the country of origin principle set out in Section 3 of the TMG, the law of the country in which the defendant had its registered office was decisive. Irish law does not know of any provision that obliges the provider of internet services to enable pseudonymous use of the services.
23
The District Court had correctly assumed that the policy on clear names did not require the consent of the users pursuant to Article 6(1)(a) and Article 7 of the GDPR. As part of the specification of services, the policy on the use of clear names could not be subject to review under Sections 307 et seq. of the German Civil Code. BGB. Moreover, if a service is described and a user agrees to enter into a contract for the described service, it is a matter of data processing operations that are necessary to enable the performance of such services pursuant to Art. 6(1)(b) DSGVO. Contrary to the plaintiff's view, the Plain Name Policy, which uses precise and easy-to-understand language, is also transparent.
24
Even if Section 13 (6) TMG were still applicable, the defendant had not violated this provision. As the Regional Court correctly recognised, it was not reasonable for the defendant to enable anonymous or pseudonymous use of the "F." service it offered. The plain name policy was intended to discourage users from using uninhibited, dangerous or hateful language towards other users. Even if some users were not deterred by the requirement to use a clear name, it did not follow that the provision as a whole was useless.
25
In response to the reporter's note of 16 July 2020 (file, p. 379/381), the contents of which are referred to, the defendant essentially supplemented its submissions on the inapplicability of Section 13(6) TMG as follows:
26
It was not true that the defendant had agreed on the applicability of German data protection law including Section 13 (6) sentence 1 TMG. The latter provision is a provision of data protection law which is not covered by an opening clause of the General Data Protection Regulation and therefore cannot be the subject of a choice of law. The choice of German law referred only to contractual, but not to data protection law provisions.
27
§ Section 13(6) of the Telemedia Act was to be qualified as a provision exclusively under data protection law. The provision did not serve any other legislative purpose; its regulatory content had been introduced for the first time in 1997 with Section 4(1) of the former Teleservices Data Protection Act (TDDSG). According to the explanatory memorandum to the Act, the legislature had pursued the objective of minimising or avoiding data when introducing the provision (Bundestag printed paper 13/7385, pp. 7 and 23). When the Telemedia Act was passed in 2006, the legislature had simply incorporated the data protection provisions of the Teleservices Data Protection Act into the new Act (see BT-Drucks. 16/3078, pp. 9, 12). Contrary to the view expressed in the reference, the question of whether the user of a social media platform could use the services offered to him anonymously or pseudonymously was not located upstream of the data processing. Even if the user did not give his true name to other users, the use of the "F." service involved the processing of personal data.
28
The General Data Protection Regulation fully and comprehensively regulates the implementation of data protection principles; it leaves no room for additional national provisions in this area. The objective of data minimisation pursued by Section 13 (6) TMG is regulated by the General Data Protection Regulation with a substantially different content. Despite strong suggestions from the German side - cf. in this regard the Data Protection Key Points for the Trilogue Negotiations published by the Conference of Data Protection Commissioners on 14 August 2015 (loc. cit, p. 15) published by the Conference of Data Protection Commissioners on 14 August 2015 and the note of the German delegation to the Working Party on Information Exchange and Data Protection of the Council of the European Union of 24 October 2015 (14705/14) - the European legislator decided against including a clear preference for a pseudonymous use of services in the General Data Protection Regulation, let alone standardising an obligation comparable to Section 13 (6) TMG. Article 25(1) of the GDPR requires the controller to take appropriate technical and organisational measures designed to take due account of data protection principles such as data minimisation. Pseudonymisation was explicitly mentioned as an example of a measure that could serve to achieve this goal; however, there was no corresponding obligation on the part of the controller. The same applies to Article 32 (1) of the GDPR. The fact that the European legislator had refrained from providing for pseudonymous use, despite strong suggestions from the German side, was a clear sign that it had not wanted to impose a binding restriction comparable to Section 13 (6) of the German Telemedia Act. The consequence of this was that Section 13(6) of the German Telemedia Act was no longer applicable, even if the German legislature had not complied with the requirement to repeal the provision after the entry into force of the General Data Protection Regulation.
29
Contrary to the concerns expressed in the notice of 16 July 2020, the defendant's invocation of the unreasonableness of pseudonymous use would also not reverse the rule-exception relationship provided for in Section 13 (6) TMG. Service providers within the meaning of the said provision were all providers of telemedia. The term encompassed a very broad field; among other things, it included every website. The social media platform operated by the defendant, on the other hand, was particularly dependent on users using a real name for the reasons already explained.
30
With regard to the further submissions of the parties at second instance, reference is made to the plaintiff's submissions of 28 September 2019 (file, p. ...), 10 December 2019 (file, p. ...), 24 July 2020 (file, p. ... f.) and 25 September 2020 (file, p. ...). d.A.) and 25.09.2020 (Bl. ... d.A.), the pleadings of the defendant of 03.12.2019 (Bl. ... d.A.) and 17.08.2020 (Bl. ... d.A.) as well as the minutes of 01.09.2020 (Bl. ... d.A.).
II.
31
The plaintiff's admissible appeal remains unsuccessful on the merits.
32
The Traunstein Regional Court was correct in affirming its international jurisdiction, which must also be examined ex officio in the appeal proceedings (see Federal Court of Justice, Judgment of 28 November 2002 - III ZR 102/02, NJW 2003, 426). With regard to the details, reference is made to the relevant statements of the Regional Court, which correspond to the established case law of the Senate (see judgment of 07.01.2020 - 18 U 1491/19 Pre).
33
The Regional Court rightly dismissed the plaintiff's application, which is still pending after the declared partial withdrawal of the appeal, to prohibit the defendant from preventing him from changing the profile name he used for his own profile. The defendant is not obliged under § 13.6 sentence 1 TMG to allow its contractual partners to use the "F. services" offered by it under a pseudonym. On the contrary, the obligation of the user to use the same name as he uses in everyday life, which is laid down in section 3 of the defendant's General Terms and Conditions (Annex K 1), stands up to legal scrutiny.
34
a) However, this does not already follow from the country of origin principle recognised in § 3.2 sentence 1 TMG, according to which the activities of a provider of telemedia domiciled within the European Union may not be subject to any more extensive restrictions in Germany than under the law of the Member State in which the service provider is domiciled, in conjunction with the fact that Irish law does not recognise any obligation on the part of the service provider to enable the use of telemedia under a pseudonym. This is because the defendant has expressly agreed under section 4.4 para. 2 sentence 1 of its terms of use (as of 19 April 2018; Annex K 1) for consumers who have their permanent residence in Germany that German law applies (section 3 para. 3 no. 1 TMG). Section 13 (6) sentence 1 of the German Telemedia Act (TMG) therefore also applies to the contractual relationship between the Parties, unless this provision is superseded by the application of higher-ranking law, in particular the General Data Protection Regulation (Datenschutzgrundverordnung), which has been in force in every Member State since 25 May 2018.
35
Contrary to the view of the defendant, no differentiation can be made between "contractual" and "data protection" legal provisions in the context of the choice of law made. Such a distinction cannot be inferred from the wording of section 4.4 para. 2 sentence 1 of the terms of use:
"If you are a consumer and have your permanent residence in a Member State of the European Union, the laws of that Member State will apply to any claim, cause of action or dispute you have against us arising out of or in connection with these Terms of Use or the F. Products ('Claim')."
36
Independently of this, Section 13 (6) sentence 1 TMG obliges the service provider to enable the use of telemedia anonymously or under a pseudonym, insofar as this is technically possible and reasonable for him. This obligation corresponds to a corresponding claim of the user against the service provider, which is why the provision, according to the terminology of the defendant, at least also has a "contractual" character.
37
b) The clause in dispute under clause 3 of the terms of use is also not part of the service description, which is exempt from the control of content pursuant to § 307 para. 3 sentence 1 BGB. BGB.
38
Pursuant to section 307 (3) sentence 1 BGB, subsections (1) and (2) of the provision as well as sections 308 and 309 BGB only apply to provisions in general terms and conditions that deviate from or supplement statutory provisions. Clauses which directly determine the type, scope and quality of the main contractual performance and the remuneration to be paid for it (service descriptions and price agreements), on the other hand, are excluded from the review of content. According to the principle of private autonomy applicable in civil law, the contracting parties are generally free to determine performance and consideration; in the absence of statutory provisions, a standard of review is also regularly lacking in this respect. However, the exemption from content review only applies to agreements on the direct subject matter of performance, whereas provisions that restrict, change, shape or modify the user's obligation to perform must be reviewed in terms of content. This leaves only the narrow area of provisions for the description of performance exempt from review, without the existence of which an effective contract can no longer be assumed due to the lack of certainty of the essential content of the contract (BGH, judgment of 5 October 2017 - III ZR 56/17, NJW 2018, 535, para. 15 with further references; Palandt-Grüneberg, BGB, 79th ed., section 307 para. 44).
39
Based on this standard, only the description of the services offered by the defendant ("products of the F. companies") constitutes a description of services that is exempt from content control. By contrast, the obligation to use the name also used in everyday life, which is regulated in clause 3 of the terms of use, fleshes out the content of the defendant's main service promise to its users to be able to use the services offered and restricts it with regard to the use of pseudonyms. This clause is not subject to the exceptional circumstances of section 307 (3) sentence 1 BGB.
40
c) Contrary to the plaintiff's view, however, the clause in dispute stands up to a review of its content. The obligation to use the name "F.", which is also used in everyday life, does not disadvantage the user in an unreasonable manner contrary to the requirements of good faith (§ 307 para. 1 sentence 1 BGB).
41
aa) A violation of the requirement of transparency (§ 307 para. 1 sentence 2 BGB) is not apparent. The obligation under clause 3 of the terms of use to use the same name on "F." as the user uses in everyday life is formulated clearly and understandably.
42
bb) The clause is also not incompatible within the meaning of Section 307 (2) no. 1 BGB with essential fundamental ideas of the statutory provision of Section 13 (6) sentence 1 TMG.
43
Contrary to the defendant's view, the latter provision is not superseded by the primacy of application of the General Data Protection Regulation. However, this is only because a contradiction between the overriding provisions of the General Data Protection Regulation and Section 13 subsec. 6 sentence 1 TMG can in any case be avoided by the required interpretation of this provision in conformity with EU law. With regard to the mandatory requirements of European data protection law, the Regional Court correctly found that the defendant cannot be expected to allow the use of the "F." services offered under a pseudonym against its will.
44
(1) Since 25 May 2018, the General Data Protection Regulation is binding in all its parts and directly applicable in every Member State of the European Union (Art. 99 (2) GDPR). National data protection laws can only contain national implementing, enforcement and special provisions and apply only subsidiarily (Section 1 (3) BDSG). However, according to the case law of the highest courts, it does not follow from this that the national data protection provisions would no longer be applicable from the outset (cf. on this and in the following: BGH, judgment of 24.09.2019 - VI ZB 39/18, BGHZ 223, 168, para. 31 f. with further references). Rather, priority of application of the General Data Protection Regulation can only be considered insofar as a contradiction arises between the directly applicable law of the European Union and the national German law (BGH, judgment of 5 July 2007 - IX ZR 256/06, BGHZ 173, 129, marginal no. 22 with further references). The supranationally founded law of the European Union does not have a law-destroying (derogating) effect vis-à-vis the law of the Member States, but only pushes back its application to the extent required by the Treaties and permitted by the orders to apply the law issued by the law of consent (see BVerfG, Order of 19 July 2011 - 1 BvR 1916/09, BVerfGE 129, 78, marginal no. 81). In this context, it is for the domestic courts to interpret the provisions of national law as far as possible in such a way that they can be applied in a manner that contributes to the implementation of Union law (BGH, Judgment of 24.09.2019 - VI ZB 39/18, BGHZ 223, 168, para. 32; ECJ, Judgment of 11.11.2015 - C-505/14, ZfIR 2016, 164, para. 31 et seq.).
45
(2) Section 13(6) of the German Telemedia Act (TMG) qualifies as a data protection provision. The Senate does not uphold the concerns expressed in the rapporteur's note of 16 July 2020 (loc. cit., p. 3) - as already communicated at the appeal hearing - in view of the defendant's correct comments on the legislative history of the provision.
46
A provision with corresponding regulatory content was first introduced in 1997 with § 4.1 of the former Teleservices Data Protection Act (TDDSG). According to the explanatory memorandum, with this provision the legislature pursued the goal of minimising or avoiding data (BT-Drucks. 13/7385, p. 7 and 23). When the Telemedia Act was passed in 2006, the data protection provisions of the Teleservices Data Protection Act were incorporated unchanged into the new law (BT-Drucks. 16/3078, pp. 9, 12, 15). The data protection character of Section 13 subsec. 6 sentence 1 TMG also results from the systematic position of the provision in Section 4 - Data Protection of the Act.
47
The Senate also does not adhere to the preliminary view expressed in the notice of 16 July 2020 that the question of whether the user of a social media platform can use the services offered to him anonymously or under a pseudonym is located upstream of the data processing. For with the anonymous or pseudonymous use of telemedia, the user in any case also pursues the goal of avoiding or minimising the disclosure of his or her personal data. Thus, the regulatory content of Section 13 (6) sentence 1 TMG falls within the scope of the General Data Protection Regulation.
48
In its judgment of 23 June 2009 (Ref.: VI ZR 196/08, BGHZ 181, 328, "spickmich"), the Federal Supreme Court confirmed its view that anonymous use is inherent in the internet. A restriction of freedom of expression to statements that can be attributed to a specific individual is not compatible with Article 5 (1) sentence 1 GG (BGH loc. cit., marginal no. 38). However, it cannot be deduced from this that Section 13 subsec. 6 sentence 1 TMG is primarily intended to protect freedom of expression. Rather, the Federal Court of Justice states that the provisions of Sections 12 et seq. TMG serve to protect user data vis-à-vis the service provider (BGH loc. cit.).
49
(3) The obligation of the service provider under Section 13 (6) sentence 1 of the German Telemedia Act (TMG) to enable anonymous or pseudonymous use of telemedia is in conflict with the provisions of the General Data Protection Regulation.
50
The General Data Protection Regulation does not contain a provision corresponding to Section 13 (6) sentence 1 TMG. It is not necessary to discuss in more detail whether this circumstance in itself would be sufficient to establish a contradiction between the national statutory provision and European data protection law. For it can be inferred from the legislative history of the General Data Protection Regulation referred to by the defendant that the European legislator deliberately refrained from imposing on the provider of telemedia the obligation to enable the use of telemedia anonymously or under a pseudonym.
51
As the defendant correctly points out, the German side attempted to include a right to pseudonymous use in the regulation within the framework of the European standard-setting procedure. A working paper of the German delegation of 24.10.2014 on the topic of pseudonymisation in the Working Party on Information Exchange and Data Protection of the Council of the European Union (doc. 14705/14) contained the proposal to insert an Art. 7a that explicitly provided for a "right to use aliases in information society services". Furthermore, on 14 October 2015, the Conference of Federal and State Data Protection Commissioners advocated the inclusion of a provision to protect the privacy of telemedia users, which at least for telemedia used for private purposes within the European Union makes a right to pseudonymous use binding (cf. Conference of Federal and State Data Protection Commissioners of 14 August 2015, Datenschutzrechtliche Kernpunkte für die Trilogverhandlungen zur Datenschutz-Grundverordnung, p. 15, point 14).
52
However, the German proposals have not found their way into the General Data Protection Regulation. Rather, pseudonymisation is only mentioned in Art. 25(1) and Art. 32(1) GDPR as a possible suitable (technical and organisational) measure for data minimisation or for secure data processing, whereby the decision is transferred to the data controller and no obligation is established in this regard. In view of the course of the standard-setting procedure, the silence of the General Data Protection Regulation with regard to a user's right to pseudonymous use of telemedia can therefore be regarded as "eloquent". This has the consequence that in this respect, too, a conclusive regulation of the matter by the General Data Protection Regulation must be assumed, which in principle precludes a deviating national regulation.
53
(4) However, the contradiction between the provision of Section 13 (6) sentence 1 TMG and the provisions of the General Data Protection Regulation can be resolved by interpreting the former provision in conformity with EU law.
54
(i) Section 13 subsec. 6 sentence 1 TMG only obliges the provider of telemedia to enable their use anonymously or under a pseudonym to the extent that this is reasonable. The reasonableness is to be determined within the framework of a proportionality test related to the specific case, in which the interest of the provider is to be weighed against the user's right to informational self-determination (Hullen/Roggenkamp in: Plath, Datenschutzgrundverordnung, 3rd ed., 2018, Section 13 TMG marginal no. 41 with further references).
55
(ii) As the Regional Court rightly recognised, this weighing is in favour of the defendant in the present case:
56
The interest pursued by the defendant in requiring users to use their true name is not exhausted by being able to identify users more easily in the event of violations of its terms of use. In view of the meanwhile widespread socially harmful behaviour on the internet - cyber bullying, harassment, insults and hate speech - the defendant has a legitimate interest in having a preventive effect on its users. The Senate shares the view of the Regional Court that the obligation to use the true name is in principle suitable to deter users from unlawful conduct on the internet. When using a pseudonym, the inhibition threshold is significantly lower according to general life experience. Against this, the plaintiff cannot object that the obligation to use the true name had no inhibiting effect because the negative behaviour described had massively increased on the internet in recent years despite the existing obligation to use a clear name. The fact that individual users commit breaches of the terms of use even using their own name does not justify the conclusion drawn by the plaintiff that the obligation to use a clear name pursued by the defendant would be unsuitable from the outset to achieve the intended goals.
57
The plaintiff rightly points out that, according to the case-law of the Federal Constitutional Court and the Federal Court of Justice, anonymous statements or statements made under a pseudonym are also covered by the fundamental right of freedom of expression (Article 5(1) sentence 1 of the Basic Law) and that anonymous use is inherent in the internet (see BGH, judgment of 23 June 2009 - VI ZR 196/08, BGHZ 181, 328, para. 38). In the context of the proportionality test, however, it must be taken into account that there are other social networks besides the defendant that follow a different basic principle and do not require open communication with real names and data, such as Instagram, which is also operated by the "F." group of companies, or YouTube.
58
Some of the commentary literature takes the view that in the case of social networks with a primarily private character - "F." is explicitly mentioned in this context - an obligation on the part of the user to use his or her real name cannot be justified without further ado on the grounds of the supposed unreasonableness of anonymous or pseudonymous use (cf. Hullen/Roggenkamp in: Plath, DSGVO/DSG, 3rd ed. 2018, § 13 TMG marginal no. 42 with reference to Hoeren/Sieber/Holznagel/Schmitz, part 16.2 marginal no. 205; Spindler/Schuster, Elektron. Medien/Spindler/Nink, 3rd ed. 2015, TMG, § 13 marginal no. 22). Especially on the social web, there is sometimes a legitimate need to publish statements at least under a pseudonym. A conflict between the right to pseudonymous use of telemedia granted in principle by Section 13 (6) sentence 1 TMG and the provisions of the General Data Protection Regulation is denied by representatives of the latter view with the argument that pursuant to Art. 5 (1) lit. c GDPR, the processing of personal data must be limited to what is necessary for the purpose of the processing, and according to Art. 5(1)(e) GDPR, personal data must be stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data are processed. It is derived from this that even under the GDPR, anonymous or at least pseudonymous use of telemedia must be made possible if such use is reasonable for the service provider (so Hullen/Roggenkamp loc. cit., para. 43 with further references).
59
This line of argument cannot be followed. It ignores the course of the standard-setting procedure of the General Data Protection Regulation, from which it can be inferred that the European standard-setter, contrary to the German proposals, deliberately did not grant users of social networks the right to use a pseudonym, and does not deal with the fact that pseudonymisation is only mentioned in Art. 25(1) and Art. 32(1) of the General Data Protection Regulation as a possible measure for data minimisation or for secure data processing, but does not establish a corresponding obligation on the part of the controller. At any rate, taking into account the requirements of the General Data Protection Regulation, the defendant is to be granted greater leeway with regard to the criterion of reasonableness contained in Section 13 (6) sentence 1 TMG. It can therefore plead that it is unreasonable for it to allow the use of the "F." services offered by it under a pseudonym, contrary to the communication concept pursued with the creation of this platform.
60
cc) Finally, the clause at issue does not restrict any essential rights and obligations resulting from the nature of the contract of use existing between the parties in such a way that the achievement of the purpose of the contract is jeopardised (Section 307 (2) no. 2 BGB).
61
The nature of a contract is determined by the purpose and the content of the contract.
62
In the case of non-standardised contracts, the model of the contract shaped by the customary understanding of the market is to be taken as a basis. However, the customary form of the contract is only decisive insofar as it is consistent with the fundamental values of the legal system. In the absence of relevant norms, the judge must take into account the expectations of fairness typical of honest business transactions and work out a normative model for the type of contract (Palandt-Grüneberg, BGB, 79th ed., § 307 marginal no. 34 with further references).
63
The contract of use existing between the parties is a non-standardised contract sui generis. The defendant offers its users functions and services, which it provides, inter alia, via its website www.f...com. The defendant also offers its users the possibility to use the website. In particular, it offers users the possibility to post contributions within their own profile and to comment on the contributions of other users, insofar as these allow a comment (see no. 1 and 3 of the terms of use, annex K 1). The defendant does not claim any remuneration for the services it offers. However, the user grants the defendant a non-exclusive, transferable, sub-licensable and worldwide licence to host, use, distribute, modify, perform, copy, publicly perform or display, translate or create derivative works from its content (cf. section 3.3.1 of the terms of use), as well as the right to use its name, profile picture and information about its interaction with advertisements and so-called sponsored content (cf. section 3.3.2 of the terms of use).
64
According to the case law of the highest courts, which has already been cited several times, anonymous use is in principle inherent in the internet (BGH, judgment of 23 June 2009 - VI ZR 196/08, BGHZ 181, 328, para. 38). However, due to the dominant position of the defendant as operator of "F.", by far the largest social media platform, the customary design of such platforms is also shaped by the plain name policy pursued by the defendant on this platform. The use of the specific "F." services offered by the defendant is also not only reasonably possible by using a pseudonym.
65
When examining the question of whether the customary design is in line with the fundamental values of the legal system, the requirements of the directly applicable General Data Protection Regulation must in turn be taken into account, which precisely does not know any obligation of the service provider to enable the pseudonymous use of telemedia. With regard to the details, reference is made to the above statements under lit. bb. Therefore, the plaintiff cannot derive a claim to the use of a pseudonym in the context of his own profile from the nature of the contract of use concluded with the defendant.
66
Irrespective of this, the plaintiff has also not comprehensibly shown that the obligation to use his real name on "F." jeopardises the achievement of the purpose of the contract. The fact that the plaintiff has undisputedly been appearing on his profile under his real name since the end of March 2018 already speaks against this.
67
c) Insofar as the plaintiff disputes the lack of effective consent pursuant to Art. 7, 4 No. 11 GDPR with regard to the requirement to use a clear name, it cannot be heard on this point. The Senate is unable to recognise the requirement of a specific consent with regard to the clause at issue. Moreover, it must be taken into account that Article 6 of the GDPR contains further admissibility criteria for data processing in addition to the consent of the data subject, of which, in view of the above considerations, Article 6(1)(f) of the GDPR would have to be considered relevant in any case due to the legitimate interests of the defendant.
68
d) The plaintiff has not comprehensibly explained to what extent the policy of using clear names pursued by the defendant is supposed to be contrary to morality (§ 138 (1) BGB). A violation of morality is also not apparent.
69
e) Contrary to the concerns expressed in the note of 16.07.2020, no legal effects, in particular no extension of the force of law pursuant to Section 11 UKlaG, can be derived from the judgment of the Berlin Regional Court of 16.01.2018, Case No.: 16 O 341/15, for the present legal dispute.
70
The Berlin Regional Court had based its decision primarily on the requirement of effective consent pursuant to Sections 4, 4a BDSG (old version), which are no longer in force since the application of the General Data Protection Regulation. The provision of Section 4 BDSG a.F. (permissibility of data collection, processing and use) has been replaced by Art. 6 DSGVO, the provision of Art. 4a BDSG a.F. (consent) by Art. 4 No. 11, Art. 7 DSGVO. In addition to the consent of the data subject, the new provision in Art. 6 DSGVO now provides for further admissibility criteria for data processing, of which Art. 6 para. 1 lit. f DSGVO comes into consideration in the present case. Insofar as res judicata has effects for the future, a change in law must be taken into account (see Zöller/Vollkommer, ZPO, 33rd ed. 2020, Vor § 322 marginal no. 53), so that a binding effect on the judgment of the Berlin Regional Court can no longer be assumed.
III.
71
The decision on costs is based on § 97.1 of the Code of Civil Procedure.
72
(2) The ruling made by way of order under No. II of the operative part that the plaintiff is forfeited the appeal filed, insofar as he withdrew it in his statement of 25 September 2020, has its legal basis in § 516.3 of the Code of Civil Procedure.
73
The decision on provisional enforceability is based on section 709 sentences 1 and 2 of the Code of Civil Procedure.
74
The subject matter of the appeal proceedings is a non-pecuniary dispute. Only the award of costs is enforceable, the value of which, however, exceeds the amount of €1,500 referred to in § 708 no. 11 ZPO. With regard to the principle of uniformity of the decision on costs, it is irrelevant in this respect that the plaintiff already has to bear the proportionate costs for the withdrawn applications for appeal by operation of law (§ 516.3 sentence 1 ZPO).
75
The Senate allows the appeal on the grounds of fundamental importance (§ 543.2 sentence 1 no. 1 ZPO).
76
The decisive question in the dispute, whether an obligation to use the real name provided for in the terms of use of a social media platform is effective and Section 13 subsec. 6 sentence 1 TMG does not preclude this obligation - possibly also as a result of displacement or interpretation in the light of the General Data Protection Regulation - has - as far as can be seen - not yet been decided by the highest courts. In the relevant commentary literature, different opinions are held on this. In view of the importance and scope of the platform "F." operated by the defendant, the question appears to be in need of