Tech Law Standard

Tech Law Standard

Share this post

Tech Law Standard
Tech Law Standard
A Victory for Privacy as German Court Bans Tricky Consent Tactics Used by Big Tech
Copy link
Facebook
Email
Notes
More

A Victory for Privacy as German Court Bans Tricky Consent Tactics Used by Big Tech

Germany’s highest civil court has ruled that bundling user consent with actions like clicking “Play” violates GDPR. This decision against Meta redefines how digital consent must be obtained.

Tech Law Standard's avatar
Tech Law Standard
Apr 30, 2025
∙ Paid
5

Share this post

Tech Law Standard
Tech Law Standard
A Victory for Privacy as German Court Bans Tricky Consent Tactics Used by Big Tech
Copy link
Facebook
Email
Notes
More
3
Share

Tired of apps sneaking off with your data the moment you click “Play”? Germany’s BGH court just called time on that shady game. In a major win for privacy, the court ruled that Meta’s old App Centre tricks violated GDPR. Here’s why this matters, and what it means for digital consent going forward.

German Court (BGH) Upholds GDPR Consent Rules: No More Sneaky “Play to Agree”

In a victory for user privacy and transparency, Germany’s Federal Court of Justice (BGH), the highest court for civil and criminal matters, has delivered a major ruling reinforcing core principles of the EU’s GDPR.

To receive new updates and support Tech Law Standard, consider becoming a subscriber.

The case in question involved Meta (Facebook) and its App Center, and whether Facebook obtained valid consent from users to share data with third-party apps.

The BGH’s answer: No, it did not because users were not properly informed or asked. The ruling, issued on March 27, 2025, confirms that bundling consent with actions like clicking “Play” without clear disclosure violates the GDPR’s requirements for informed, freely given consent​. It’s also significant because it affirms that consumer associations can sue over GDPR breaches, not just regulators, a boost for collective enforcement of privacy rights.

The origins of this case go way back to 2012, when the Federation of German Consumer Organisations (vzbv) sued Facebook over its App Center practices​. In Facebook’s App Center, users could find free games and apps (think FarmVille et al. back in the day).

When a user clicked “Play Now” on a game, Facebook would automatically share the user’s data (like their name, email, friends list, etc.) with the game developer and allow the app certain permissions. There was a small notice stating that by clicking, the user agrees to this data transfer​. But there was no separate consent checkbox or detailed info upfront. Essentially, “By clicking Play, you agree we give your data to this app”.

Post-GDPR (which came into effect in 2018), this practice was clearly dodgy. The case eventually led to a question for the European Court of Justice (CJEU) on whether consumer bodies could bring such privacy lawsuits.

This post is for paid subscribers

Already a paid subscriber? Sign in
© 2025 Tech Law Standard
Publisher Privacy ∙ Publisher Terms
Substack
Privacy ∙ Terms ∙ Collection notice
Start writingGet the app
Substack is the home for great culture

Share

Copy link
Facebook
Email
Notes
More