-
Digital advisory & IT consulting
Mastering digitalisation together
-
Operational Advisory
Solidifying and supporting transformation
-
Deal Advisory
We’ll advise you on national and international transactions
-
Valuation & economic and dispute advisory
We’ll value your business fairly and realistically
-
Debt advisory & treasury services
Funding and treasury consulting to the client’s advantage
-
Tax for businesses
Because your business – national or international – deserves better tax advice.
-
Tax for financial institutions
Financial services tax – for banks, asset managers and insurance companies
-
Global mobility services
Avoid double taxation – and minimise costs
-
Employment law
Representation for businesses
-
Commercial & distribution
Making purchasing and distribution legally water-tight.
-
Financial Services | Legal
Your Growth, Our Commitment.
-
Business legal
Doing business successfully by optimally structuring companies
-
Real estate law
We cover everything on the real estate sector, the hotel industry, and the law governing construction and architects, condominium ownership, and letting and renting.
-
IT, IP and data protection
IT security and digital innovations
-
Mergers & acquisitions (M&A)
Your one-stop service provider focusing on M&A transactions
-
Sustainability strategy
Laying the cornerstone for sustainability.
-
Sustainability management
Managing the change to sustainability.
-
Legal aspects of sustainability
Legal aspects of sustainability
-
Sustainability reporting
Communicating sustainability performance and ensuring compliance.
-
Sustainable finance
Integrating sustainability into investment decisions.
-
Grant Thornton B2B ESG-Study
Grant Thornton B2B ESG-Study
-
International business
Our country expertise
-
Entering the German market
Your reliable partners.
Landmark decision by the Federal Court of Justice
In a landmark decision, the Federal Court of Justice (BGH) has determined that Facebook is liable to pay damages for non-material damage owing to an infringement of the General Data Protection Regulation (GDPR). The crucial point is that it no longer depends on specific misuse of data to the data subject’s detriment or other additional negative consequences that make themselves felt (e.g. psychological impact through loss of data, anxiety, concern).
Loss of control decisive for claims for damages
In harmony with European Court of Justice case law, it is alone the “loss of control”, as it is known, that is determinative here – the mere loss of control of one’s own personal data for a short time owing to an infringement of the GDPR may constitute non-material damage as defined by the Regulation. The data subject has not consented to the specific use of his or her data and cannot ultimately trace how or whether the data are processed.
Amount of damages picks up speed
Consequently, in such cases, the data subject must only prove that he or she was the victim of the incident. The Federal Court of Justice decided in this particular case that damages of 100 euros were appropriate for the loss of control. The amount may not be spectacular, but the Federal Court of Justice also affirmed a claim to determine the duty to refund any future damage. However, since this Federal Court of Justice decision eases the requirements for non-material damage, companies risk being sued en masse if such a data protection infringement becomes known. The quality of the data involved may well also be relevant to the development of how much damages are awarded in future – if it is special personal data, such as religious affiliation, sexual orientation or health data, higher damages can be expected. This may apply all the more if control is lost of lots of relevant data of many different kinds, such as when data are analysed by various apps.
Companies on an alarm setting
In such cases, legal rearguard actions will be limited. Companies will most likely no longer be able to mount the defence that they have done everything they could in the way of technical safeguarding and handling the data legally. At any rate, the decision does not make certain whether or to what extent companies can appeal to their compliance with technical and organisational standards. So companies absolutely must give data protection even more consideration in developing products and services, their internal processes, using personal data in their own operations and in data security.