The Leipzig District Court in Germany has ruled that users of Facebook can receive EUR 5,000 each as compensation for privacy breaches by Meta’s Business Tools.

This ruling sets an important precedent in the enforcement of European privacy laws. On July 4th, 2025, the court determined that Meta Platforms Ireland Limited violated the General Data Protection Regulation (GDPR) through its extensive data tracking systems.

The court found that Meta’s Business Tools significantly breached GDPR rules by engaging in pervasive surveillance of users’ online activities. This allowed the company to generate substantial advertising revenue from unauthorized use and processing of personal data. Tracking tools embedded on various websites and apps sent user data to Meta, enabling individual identification even when users did not log into their Instagram or Facebook accounts.

This information was transferred globally to third countries, notably the United States, where it was processed by Meta in ways that are still largely unknown for European users. The scale of data processing is vast, which could lead to comprehensive monitoring of users’ online behaviors.

Compensation and Legal Basis

The decision was based solely on Article 82 of the GDPR, as per court filings, distinguishing this ruling from similar cases handled by other German courts. This establishes a European framework for determining compensation in such matters. Privacy advocates have highlighted numerous instances where Meta’s tracking methods operated without the knowledge or consent of users.

The court awarded EUR 5,000 to each Facebook user based on the commercial value that this data holds for Meta’s advertising business, considering it operates one of the largest social media advertising platforms. However, the ruling acknowledged that individual users might pursue legal action without needing to demonstrate specific personal damages.