Meta Faces Mounting Legal Challenges Over Data Collection Practices in Europe

Meta, the parent company of Facebook, Instagram, and Messenger, is facing increasing scrutiny and legal action in Europe over its data collection practices. Recent court rulings and ongoing lawsuits highlight concerns about privacy violations under the General Data Protection Regulation (GDPR) and the Digital Markets Act (DMA).

Data Collection from Non-Users Deemed Unlawful

The Berlin II Regional Court has ruled that Meta’s practice of collecting data from individuals who are not users of its services is unlawful. This occurs when friends or acquaintances upload contact lists containing names, telephone numbers, and email addresses, which then end up on Meta’s servers [1]. While the court did not order the deletion of already collected data, it mandated that Meta cease this practice. Affected non-users can request the deletion of their data through a dedicated information page offered by Meta.

Ongoing Lawsuits and Potential Damages

Beyond this ruling, Meta is contending with further legal challenges. Higher regional courts in Dresden and Munich have allowed lawsuits against Facebook to proceed, focusing on the company’s business practices [1]. It is estimated that approximately 50 million people in Germany and 6 million in Austria are affected by Meta’s data collection, potentially leading to damages claims in the double-digit billion euro range.

Meta Business Tools Under Fire

Several cases brought by the Federal Association of Consumer Organizations have centered on Meta’s Business Tools. The LG Berlin II has issued rulings requiring Meta to provide information, delete data, and pay damages of €2,000 to individuals whose data was collected and processed without proper consent [3]. These tools allow Meta to track users’ digital movements across websites and apps, creating detailed profiles that include sensitive information such as political views, religious beliefs, health data, and even details about online purchases and search behavior.

Previous GDPR Violations and Financial Penalties

In April 2025, the Berlin Regional Court ordered Meta to pay €2,000 in damages to six individuals for violating the GDPR through the use of Meta Business Tools [2]. The court found that Meta collected and processed personal data without obtaining proper consent.

Concerns Over Enforcement and AI Training

Recent judgments regarding Meta’s practices have raised concerns about the effective enforcement of EU law, particularly in the context of artificial intelligence. The company’s plans to train its AI models on user-generated content from Facebook and Instagram have also drawn criticism, with NGOs taking legal action to prevent what they argue are violations of the GDPR and DMA [1].

What Non-Users Can Do

Individuals who are not Meta users can check if their contact information has been collected by visiting a special information page provided by Meta and request its removal. A specific form, hidden within the page’s text regarding affected individuals’ rights, facilitates this deletion process, ensuring the data is also blocked from future uploads.

The verdict from the Berlin court is not yet final, and Meta has the right to appeal.