In its decision of September 15, 2025 (I ZB 36/25), the Federal Court of Justice made it clear that the right to representation by data protection associations according to Art. 80 GDPR does not abolish the requirement to have a lawyer before regional and higher regional courts. In this respect, it remains the case that those affected must also observe the rules of the Code of Civil Procedure in data protection proceedings – even if they are supported by an association.
The association sues without a lawyer – and fails
Table of Contents
One affected person objected to the processing of her data by a psychiatric expert. She appealed against a district court ruling, but was not represented by a lawyer but by a data protection association. The Meiningen regional court rejected the appeal as inadmissible because the association was not capable of making a postulation. The affected person applied for legal aid for a legal complaint, but failed before the Federal Court of Justice.
Central question: Can an association avoid the requirement to have a lawyer?
Art. 80 Para. 1 GDPR allows those affected to commission a non-profit organization to exercise their rights. The plaintiff argued that this also included the right to lodge an appeal independently. The BGH contradicted: The GDPR does grant associations one Power of representationbut none Postulation ability – i.e. the right to appear before courts that require a lawyer.
GDPR does not change the obligation to have a lawyer
The BGH emphasized that Art. 80 GDPR only regulates wer may assert rights, but not How. The Code of Civil Procedure (ZPO) stipulates in Section 78 Paragraph 1 that parties must be represented by a lawyer before regional and higher regional courts. This regulation is not affected by the GDPR.
Art. 80 GDPR as a representation regulation, not as a procedural rule
The regulation allows associations to file complaints or bring legal action on behalf of those affected. However, it does not exempt them from the procedural requirements of national law. The wording of the norm speaks only about the “exercise” of rights, not about the power to appear independently in court.
No gap in legal protection
The plaintiff invoked the principle of equal legal protection (Art. 3 Para. 1 GG). But the BGH did not see this as a violation: those affected can still be represented by a lawyer – the association can support them, for example by providing advice or covering costs.
Clear legal situation, no fundamental meaning
Since the question had already been clarified in literature and case law, the BGH rejected legal aid. The GDPR does not create any special rules for the legal process.
Data protection associations as supporters, not as litigants
The decision underlines that the GDPR strengthens collective legal protection, but the Procedural autonomy of the Member States respected. Anyone who wants to sue in higher courts needs a lawyer – even if an association is in the background. For those affected, this means: Although they can seek advice from data protection organizations, they must still hire a lawyer to enforce their claims in court. The BGH’s clarification prevents associations without legal qualifications from conducting lawsuits and thus ensures the quality of the administration of justice. At the same time, the path remains open for lawyers to work together with associations to take action against data protection violations.
