A German court has ruled that Facebook cannot access or process contact data belonging to individuals who are not registered on the platform through its “Find Friends” feature, marking a significant decision under European data protection laws.
The Regional Court of Berlin ordered Meta Platforms Ireland, Facebook’s parent company, to cease uploading, processing, or transferring personal contact data stored on users’ mobile or desktop devices to its servers without proper legal grounds.
The case stems from a 2018 lawsuit filed by the Federation of German Consumer Organizations, which challenged Facebook’s data practices under the European Union’s General Data Protection Regulation (GDPR). Legal proceedings took several years as courts clarified who holds standing to bring GDPR-related claims.
Under the ruling, which is not yet final, Meta could face fines of up to €250,000 if it repeats the violation.
The court determined that collecting user data from external sources to build “usage profiles” for advertising purposes without explicit and prior consent is unlawful. Judges emphasized that social media platforms cannot indiscriminately gather personal data, particularly when it concerns individuals who are not members of the service.
Ramona Pop, a board member of the consumer protection federation, said the ruling reinforces the principle that platforms must respect privacy boundaries. She noted that when users activate the “Find Friends” function, contact information from their devices is transmitted to Meta’s servers — a practice the court found unlawful when it involves third parties who have not consented.
However, the court did not grant the consumer group’s request to prohibit the creation of usage profiles for non-registered Facebook visitors. Meta denied engaging in such advertising practices, and the plaintiffs were unable to provide sufficient evidence to substantiate the claim.
The decision underscores increasing regulatory pressure on major tech companies operating in the European Union and reinforces the strict standards imposed by GDPR on personal data processing, consent requirements, and digital privacy protections.
Follow the latest news on Google News
