January 2026

TMT Newsletter | January 2026

Outlook

EUCOM is expected to publish the draft Digital Networks Act (DNA) on 21.01.2026 (Agenda of the European Parliament). On 22.01.2026, AG Emiliou will deliver the Opinion, i.a., on whether storing user-generated content by Online-Content-Sharing Service Providers (OCSSPs) – in addition to a communication to the public – constitutes a reproduction within the meaning of Art. 2 InfoSoc Directive (C-579/24). On the same day, the CJEU will hear a case on whether the supervisory authority of a complaint procedure under Art. 77 GDPR simultaneously qualifies as a controller under Art. 15 in conjunction with Art. 4(7) GDPR and is therefore obliged to provide information (C-205/25). On 29.01.2026, the CJEU will hear a case on whether Art. 3(5) Directive 2014/61/EU (Broadband Cost Reduction Directive) conflicts with a national provision allowing network operators to choose between ADR and litigation when accessing physical infrastructure (C-164/25). On 24.02.2026, the German Federal Court of Justice will decide whether a foreign state (Kingdom of Morocco) can rely on claims that are based on reputation and "state dignity" against German media companies (VI ZR 415/23, VI ZR 416/23). On 05.02.2026, AG Emiliou will deliver the Opinion on whether a betting provider’s freedom to provide services (Art. 56 TFEU) precludes claims for reimbursement arising from unlawful online bets (C-530/24). On 10.02.2026, the CJEU will rule on an appeal by WhatsApp against a judgment by the General Court confirming a binding decision of the EDPB under Art. 65(6) GDPR (disagreements over breaches of transparency obligations) (C-97/23 P).

CJEU-AG – Fair balance between the public's right to information and copyright law

According to AG Szpunar, Art. 5(3)(c) InfoSoc Directive allows the use of copyright-protected works for "reporting on current events". He considers a national provision limiting such use to short extracts to be compatible with EU law. However, a ban on deriving economic or commercial benefit from that use would deprive the press exception of its effectiveness and therefore violate EU law (opinion C-598/24).

CJEU – Data collection via body cameras when inspecting transport tickets falls under Art. 13 GDPR

This is because the data is obtained directly from the data subject themselves. He must be informed immediately about the information referred to in Art. 13(1) GDPR (i.a., the controller’s identity, purposes and legal basis for the processing). Key information may be displayed on a sign, while further details may be made available in an easily accessible location (C-422/24).

CJEU – Occupancy rate as a benchmark for appropriate license fees

A collecting society may be in breach of its dominant market position (Art. 102(2)(a) TFEU) if the actual room occupancy is not taken into account when license fees for broadcasting receivers in hotel rooms are calculated. The occupancy rate affects the potential use of works and the economic benefit of the license, thus shaping the relation between the license fee and the economic value of the service (C-161/24; different view had been taken by AG Szpunar).

CJEU – Trademark revocation due to misleading information about the designer

Art. 12(2)(b) Directive 2008/95 and Art. 20(b) Directive 2015/2436 allow for such revocation. They require the "existence of actual deceit or a sufficiently serious risk that the consumer will be deceived". Such situation does not result from the mere fact that the (original) designer is not the trademark owner. It does, however, occur if goods feature decorative elements containing the designer’s name (C-168/24).

CJEU – Design protection also applies to cases of "customizing"

For a design to be protected, it is not required that the designer substantiates a minimum degree of originality. The assessment is based solely on the criteria of "novelty" and an "individual character" (Art. 4(1) Regulation No 6/2002,Community Design Regulation). Selective modifications to ready-made building components do not preclude protection. Fashion trends do not restrict a designer's freedom in the same way as technical requirements do. Therefore, minor differences between designs cannot produce a different overall impression (C-323/24).

CJEU – Private copying remuneration for commercial end users does not necessarily violate InfoSoc-Directive

Selling storage media to commercial end users carries the risk that private individuals will make unauthorized copies. A national provision that obligates manufacturers, sellers and importers of storage media to pay private copying remuneration is compatible with Art. 5(2)(b) InfoSoc Directive. However, this applies only if the regulation provides for exemptions or reimbursement in cases where private copying can be excluded or is restricted (C-822/24).

CJEU – In cases of illegal online gambling, damage occurs at the player’s place of residence

An Austrian player brought an action for compensation of his gambling losses against a Malta-based gambling operator that lacked the required license. Damage is deemed to have occurred at the player’s place of residence (Art. 4 Rome II Regulation). Consequently, the player could rely on Austrian tort law. Exceptions are only possible in cases where the unlawful action is connected more closely with another State (C-77/24).

CJEU-AG – No communication to the public in case of geo-blocking

According to AG Rantos, it is not required that a work made available on the internet is addressed at the public of a specific country to qualify as a communication to the public in that country (Art. 3(1) InfoSoc Directive). However, if website operators implement “state of the art” geo-blocking measures, this prevents a communication to the public in the restricted countries. This applies even if it is technically possible to circumvent such restrictions (e.g., by means of a VPN). VPN providers are generally not liable for such circumvention (opinon C-788/24).

German Federal Court of Justice – No immediate deletion of payment default data

Credit agencies are not required to delete non-public data on payment defaults immediately after the debt has been settled. They may determine retention deadlines, provided that these periods balance the interests involved. It is not required to align with the deletion deadlines of public registers (e.g., Section 882e German ZPO). CJEU case law on the retention of data from public registers (C-26/22 and C-64/22) is not applicable. The Federal Court of Justice remanded the case to the Higher Regional Court of Cologne (I ZR 97/25).

German Federal Court of Justice – Request for a preliminary ruling on the use of dynamic fonts

The case concerns a deliberate use of web crawlers to detect GDPR-infringing font integrations on websites. The Federal Court of Justice asks whether dynamic IP addresses are personal data within the meaning of Art. 4(1) GDPR. The court also asks whether a claim for damages under Art. 82 GDPR exists for deliberate, systematic GDPR violation – or if such claims may be excluded due to abusive conduct, when the requirements were created artificially and solely for the purpose of obtaining financial benefits (VI ZR 258/24).

Higher Regional Court of Munich – Unlawful data collection by "business tools"

The operator of a social network had monitored the behavior of users on third-party websites using so-called "business tools" and transmitted the collected data to its servers. The operator is responsible for the collection and transmission of the data (Art. 4(7) GDPR). The data processing is neither covered by consent (Art. 6(1)(a) GDPR) nor by other statutory exceptions (Art. 6(1)(b)–(f) GDPR). This was, in particular due to a breach of the principle of data minimization (14 U 1068/25 e).

Higher Regional Court of Frankfurt am Main – Liability of third-party cookie-providers in the absence of consent

Tech and analytics companies that save cookies on end user devices are – alongside website operators – obligated to obtain consent in accordance with Section 25 German TDDDG. This statutory obligation cannot validly be altered by contractual agreements with the website operator. The burden of proof lies with the party saving the cookies (here: the third-party cookie-provider) (6 U 81/23).

Regional Court of Munich I – Inclusion of advertising in streaming may constitute a contractual modification

A streaming platform had informed its users via email that streams may contain advertising in the future and that "no further action" was required. This notice was misleading within the meaning of Section 5(2) German UWG. It had created the impression that the platform was only required to provide ad-funded streaming services while it actually constituted a unilateral (and invalid) modification of the contract (33 O 3266/24, not yet legally binding).

Regional Court of Hamburg – "Correctiv" newspaper report on so-called "Potsdam meeting" was lawful

The specific wording "Masterplan zur Ausweisung deutscher Staatsbürger" (Master plan for the expulsion of German citizens) used by the newspaper to describe the meeting combines judgmental and factual elements. The court, however, qualifies it as a permissible expression of opinion, taking into account the full context of the article. According to the court, readers are able to distinguish between quotations and judgmental descriptions when reading the original report. This was not the case when reading third-party articles (referred to by preliminary decisions on this matter) (324 O 6/25, press release of 19.12.25, not yet legally binding).