German Court Rules on Facebook Data Breach Compensation of Approximately €100

• A court in Germany decided that users impacted by Facebook privacy and security lapses between 2018 and 2019 are eligible for compensation.
• During these years, Facebook's friend search feature allowed an unauthorized third party to collect user information.
• The court suggested that affected people could receive approximately €100 as financial compensation.

The Federal Court of Justice (BGH) in Germany declared that Facebook users affected by data breaches in 2018 and 2019 are eligible for compensation. The BGH's ruling states that the unauthorized access of user data is grounds for compensation, even in the absence of specific financial loss. 

The court highlighted the inherent value of data control, emphasizing that the mere loss of control over personal data is sufficient for seeking damages, according to Reuters.

The case stems from a data breach involving information collected through Facebook's friend search feature. The incident allowed unauthorized third parties to access user accounts by exploiting vulnerabilities, such as guessing phone numbers. Previously dismissed by a lower court in Cologne, the claims will now be revisited following the BGH's decision.

Meta, Facebook's parent company, has consistently denied liability, arguing that no concrete damages were proven by claimants. However, the BGH's stance challenges this position, suggesting that affected users could receive around €100 as compensation. This ruling could potentially impact up to 6 million individuals in Germany who were affected by the data leak.

Meta has disagreed with the BGH's ruling, stating it conflicts with recent European Court of Justice decisions. A spokesperson from Meta emphasized that German courts have previously dismissed similar claims, reinforcing the company's stance that the incident did not constitute a traditional data breach.

This development underscores the evolving legal perspectives on data privacy and compensation for breaches. As businesses and users alike grapple with the implications, this ruling sets a precedent for future data protection cases in Europe and beyond.

In other news, an ongoing malvertising campaign uses Facebook ads that impersonate several popular brands to distribute the malware, including ExpressVPN, Telegram, and Netflix, to distribute the SYS01 InfoStealer.