Successful lawsuit by NRW consumer association before Cologne Regional Court
- Telekom Deutschland GmbH is prohibited from transferring personal data to the USA for analysis and marketing purposes when using the “www.telekom.de” website.
- Specifically, this involves the IP address, information about the browser used and the terminal device used.
When the “www.telekom.de” website is called up, TelekomDeutschland GmbH transmitted personal data to Google LLC in the USA in order to use its Google Ad Services analysis and marketing services.
This has now been prohibited by the Regional Court of Cologne in a ruling obtained by the NRW consumer association (33 O 376/22). “Companies must ensure that our data protection standards are also complied with across national borders. If they do not meet the special requirements for this, valuable consumer data may not be transferred,” notes Wolfgang Schuldzinski, Executive Director of Verbraucherzentrale NRW.
The Cologne Regional Court is one of the first courts to find a violation of the principles of the “Schrems II” decision of the European Court of Justice (ECJ). In 2020, the report came to the conclusion that the U.S. does not have an adequate level of data protection and that data transfers are therefore subject to particularly high hurdles. The Cologne Regional Court referred to the ECJ and ruled that Telekom did not comply with the strict requirements of the General Data Protection Regulation (GDPR) when transferring data to the United States. It had not taken sufficient measures to ensure that personal data would be
DSGVO-compliant transfer to the USA. A simple consent in the cookie banner via the button “Accept all” was not sufficient for an explicit consent for the third country transfer to the USA. This would require more extensive education of consumers.
The judgment is not yet final.