by Barbara Schmitz//
In its judgment of 18 December 2025 (Case No. 14 U 1068/25e), the Munich Higher Regional Court (OLG München) awarded a Facebook user non-material damages in the amount of EUR 750. The case concerned the processing of personal data via so-called Meta Business Tools, including the Meta Pixel and the Conversion API, without a valid legal basis and without providing sufficient information to the user.
The claimant has been using Facebook since 2021. As part of its advertising-based business model, Meta relies on tracking technologies that are integrated into third-party websites and apps, such as news portals, dating services and online shops. Through these tools, Meta collects various categories of data, including contact-related information, device and browser data, URLs and user interactions.
Procedural background
In the first-instance proceedings before the Regional Court of Augsburg (AG Augsburg – 101 O 1844/24), the claimant argued that she had noticed advertisements related to topics she had previously searched for online. She also expressed concerns that third parties might gain access to this information. The Regional Court dismissed the claim in its entirety, holding that the claimant’s submissions were speculative and lacked sufficient factual substantiation. In particular, the court found that she had not demonstrated which specific data had been processed unlawfully, when this had occurred and in what manner.
On appeal, the Munich Higher Regional Court partially overturned this decision. It confirmed the claimant’s legal interest in a declaratory judgment, granted an injunction and awarded non-material damages of EUR 750. However, the injunction was limited to unjustified data processing; Meta was not prohibited from any and all collection, transfer, storage or use of the data at issue. The court allowed an appeal on points of law (revision) to the Federal Court of Justice (BGH) for both parties.
Key findings of the court
According to the court, the Facebook user agreement does not provide a sufficient legal basis for the disputed data processing. Such processing is lawful only where it is based on informed consent or a specific legal justification under data protection law. The Senate expressly referred to the principle of data minimisation and described the potentially unlimited scope of the data collected as a serious and manifest violation.
When assessing the non-material damage, the court took into account not only the volume and nature of the data processed but also the fact that typical browsing behaviour may reveal particularly sensitive information. A decisive factor for the finding of a loss of control was that Meta had not disclosed which concrete data relating to the claimant was actually stored and processed.
The court rejected an additional monetary compensation for a violation of the general right of personality under German civil law, holding that compensation under Article 82 GDPR was sufficient.
The judgment reinforces the view that covert and complex tracking practices may give rise to compensable non-material damage even in the absence of a specific financial loss. The court’s detailed reasoning on the calculation of damages (paras. 334 et seq.) underlines the practical relevance of such claims, particularly in mass litigation scenarios. As the appeal on points of law was admitted, further clarification by the Federal Court of Justice can be expected.
Position within the current case law
The Munich decision forms part of an increasingly dynamic – and for Meta largely unfavourable – development in German case law. Numerous courts are currently dealing with claims for damages arising from the use of Meta Business Tools and the associated collection of so-called off-platform data, i.e. data relating to user behaviour outside the platform itself. In many cases, courts have characterised the systematic tracking of browsing behaviour across third-party websites as unlawful surveillance, especially where users were not adequately informed or were unable to give valid consent.
A striking feature of this case law is the wide range of damages awarded to date. While some higher regional courts, such as the Munich court in the present case, have awarded relatively moderate amounts, others have considered significantly higher sums to be appropriate. For example, the Higher Regional Court of Dresden (OLG Dresden) awarded non-material damages of EUR 1,500 per affected user. Importantly, the claimants were not required to prove on which specific websites they had been tracked; the existence of an account combined with the established data collection practices was deemed sufficient.
Many decisions at regional court level also fall within a range from approximately EUR 1,500 to several thousand euros per affected person, with some awards exceeding this level. Taken together, these cases demonstrate a clear judicial tendency to treat uncontrolled and intransparent data collection via third-party websites as a serious interference with privacy.
At the same time, collective enforcement mechanisms are gaining importance. Several mass and model proceedings aim to bundle the claims of large numbers of users and to establish structural violations of data protection law. In some cases, lump-sum damages of several thousand euros per person are being claimed.
Against this background, a ruling by the Federal Court of Justice (BGH) clarifying the criteria for the assessment of non-material damage and the applicable standards of proof would be highly desirable. Given the large number of individual and collective proceedings with divergent damage awards, the admitted revision in the Munich case is of particular significance, as it offers an opportunity to harmonise the case law at the highest national level.
Barbara Schmitz, lawyer, BAY GmbH Wirtschaftsprüfungsgesellschaft Rechtsanwaltsgesellschaft, München