A German court said on Monday that Facebook users whose data was illegally obtained in 2018 and 2019 were eligible for compensation.
The Federal Court of Justice (BGH) ruled that the loss of control over one's data online was grounds for damages without having to prove specific financial losses.
Thousands of Facebook users in Germany are demanding compensation from parent company Meta for insufficient protection of their data after unknown third parties were able to access user accounts by guessing phone numbers.
The claims, which stem from a data breach in 2021 of information gathered through the Facebook friend search feature, had been dismissed in principle by a lower court in Cologne and will now have to be re-examined.
The plaintiff had demanded damages of 1,000 euros ($1,056), but the BGH said that around 100 euros would be appropriate with no proof of financial loss.
According to the Karlsruhe-based court, the lower court must determine whether Facebook's terms of use were transparent and comprehensible, and whether users' consent to the use of their data was voluntary.
Meta previously refused to pay compensation on the grounds that those affected had not been able to prove any concrete damages.
A Meta spokesperson said the BGH's ruling was "inconsistent with the recent case law of the European Court of Justice, the highest court in Europe."
"Similar claims have already been dismissed 6,000 times by German courts, with a large number of judges ruling that no claims for liability or damages exist," the spokesperson said. "Facebook's systems were not hacked in this incident and there was no data breach."
Roughly six million people in Germany were affected by the leak.
