contest
Can companies sue competitors for data protection?
A look at the automated medication store of a pharmacy. photo
© Jan Woitas/dpa-Zentralbild/dpa
It’s about sensitive health data: Are consumers only allowed to go to court if they fear treatment that is too lax – or is a competitor too? The civil judges at the BGH have looked at it.
The European Court of Justice (ECJ) must clarify whether competitors are allowed to go to court because of possible data protection violations by companies. The Federal Court of Justice (BGH) in Karlsruhe suspended two proceedings on Thursday in order to have the facts examined in Luxembourg. The main issue here is whether the European General Data Protection Regulation (GDPR) conflicts with national regulations that grant competitors such a right to take legal action in the event of assumed data protection violations. (Az. I ZR 222/19 and others)
The question is particularly interesting because companies in particular are vigorously pursuing rights, said the presiding judge of the first civil senate, Thomas Koch. If a person is specifically affected, he can complain anyway. Whether consumer protection organizations without a person directly affected also have a general right of action will be clarified in a separate procedure at the Federal Court of Justice – a request is also being made to the ECJ on this.
In the specific cases at issue, a pharmacist is suing two competitors who sell products via the Amazon Internet platform. From his point of view, health data within the meaning of the GDPR is collected, which allows conclusions to be drawn about the state of health of a person. This should not happen without express consent. The competition sees it differently. However, the Higher Regional Court of Naumburg had agreed with the plaintiff.
What kind of species is it specifically?
Due to this special topic, the BGH also wants to know from the ECJ whether the details collected during the ordering process, such as delivery address and type of pharmacy-only – but not prescription-only – medication are health data within the meaning of the GDPR. Judge Koch made it clear that the orderer of the preparations does not necessarily have to be the patient or consumer.
The BGH lawyer for the defendant, Thomas Winter, also said at the hearing in September that an order via the Amazon Marketplace could not be used to draw any conclusions about the actual patient. You could just as well order nasal spray for your children. The contract is concluded directly with the pharmacist, only he has access to the products.
On the other hand, plaintiff representative Peter Rädler argued that Amazon also had access to this data – but no pharmaceutical staff worked there. In addition, the pharmacist does not intervene as in the sales room, for example, when people say false things about a product – as can happen in customer reviews, for example.
With regard to consumer advocates, the BGH had heard a similar case at the time, in which the Federal Association of Consumer Protection Organizations was taking action against the Internet company Facebook. In November, the Senate announced that it would involve the ECJ in Luxembourg again for detailed questions. (Az. I ZR 186/17)
The first time the BGH had asked the ECJ for advice on whether the association’s right to sue violated the GDPR. The judges in Luxembourg ruled in April that associations entitled under national law could go to court instead of users in the event of data protection violations by Internet giants – even without a specific order from those affected. The ECJ did not comment on the question of whether a company’s competitors are also entitled to sue.