German consumer organisations to be empowered to sue businesses for data protection law breaches
A draft Bill, scheduled for April, will allow consumer organisations to take businesses to court for non-compliance with Germany’s Data Protection Act, Justice Minister, Heiko Maas, announced on 11 February.
Consumer rights organizations in Germany often pursue individual rights in terms of breaches of consumer protection legislation and unfair competition laws. The proposed amendment to the law will also strengthen consumer organisations’ pursuit of claims under data protection law.
The Federation of German Consumer Organisations - Verbraucherzentrale Bundesverband (VZBV), a non-governmental organisation acting as an umbrella for 41 German consumer associations, welcomed the announcement resulting from the coalition agreement. VZBV stated that the new amendment would create a legal basis for consumer organizations to take legal action against data protection violations and seek a cease and desist order. This would be achieved by an amendment to the Injunctions Act (UKlaG) so that both data protection laws and consumer protection laws would come within the meaning of § 2, paragraph 2 UKlaG.
Such a case was heard last year. On 19 November 2013, the Regional Court of Berlin ruled that Google Inc.’s privacy and policy terms of service violated Germany’s data protection law. VZBV had filed the complaint against Google and listed 25 particular clauses within the terms of service that the VZBV considers are too vague and restrict German consumers’ rights.
Gerd Billen, the former head of VZBV was appointed State Secretary (a top civil servant) in the Ministry of Justice and Consumer Affairs. One of his explicit aims is the drafting of this amendment to the law. This new Bill is part of the coalition agreement of the newly elected government so it is highly likely that it will enter into force.
Alleged unfair consent terms have also been points in cases involving Samsung and Apple. Such cases involving data protection law are now likely to become more frequent, as companies must comply with both data protection law and consumer protection law and need to understand how they interact.
This subject is on the agenda of Privacy Laws & Business’s Roundtable in Munich on 28-29 April titled New trends in Germany’s data protection law. Speakers include:
- Thomas Kranig, the President and two Heads of Department of Bavaria’s Data Protection Authority (DPA) and the Head of Division of Hesse’s DPA. (In Germany, it is the Lander, such as Bavaria and Hesse, which are responsible for interpreting data protection law for the private sector), and
- Dr. Rainer Stentzel, Head of Unit, Data Protection Law and Reform of Data Protection in Germany and Europe, the Federal Ministry of Interior, Berlin
- Deutsche Telekom, lawyers, and consultants.
See full details of this event, hosted in Munich by Linklaters LLP and Roland Berger Strategy Consultants, see