Private Individual – Court Ruling (Germany, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A private individual won a court case after a debt collection agency failed to remove a claim from a credit reference agency despite a settlement. The court ruled that the agency did not follow the proper procedures for deleting the claim. This case highlights the importance of following through on agreements related to personal data.
What happened
A debt collection agency did not delete a registered claim from a credit reference agency after a settlement was reached.
Who was affected
A person who had a debt with a bank and was affected by the claim registered with the credit reference agency.
What the authority found
The Administrative Court ruled that the debt collection agency was required to ensure the claim was deleted, as per the settlement agreement.
Why this matters
This case illustrates the need for companies to adhere to agreements regarding personal data. It serves as a reminder that individuals have rights over their data and can seek legal recourse if those rights are not respected.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
Controller (company B) is a company that collects debts. The data subject had a contractual relationship with a bank (company A), since they had a credit card account at this bank. The data subject experienced payment difficulties in 2017, which resulted in debt. Ultimately, this led company A to commission company B with the collection of the accumulated debt. Although it remained disputed between the parties whether the data subject and company B concluded a payment arrangement to pay off the debt, the data subject then paid instalment fees to company B to resolve the whole debt. However, company B still registered a claim for €1,546 with SCHUFA Holding AG. This is a credit reference agency that registers debt so that other companies can assess a customer's creditworthiness. The data subject then brought the action before the Regional Court of Lüneburg (Case number 3 O 143/20), in which the data subject and company A concluded a settlement, in which company A promised to have the registered claim of €1,546 removed from the database of SCHUFA Holding AG, pursuant to Article 17(1)(a) GDPR. Company B then contacted the SCHUFA Holding AG to have the claim removed, but the latter did not fulfil the request for deletion. On 10 February 2021, the data subject filed a complaint with the Hessian DPA. The DPA, however, rejected the complaint because it did not see a violation of the GDPR. Consequently, it held that there was no possibility of obliging SCHUFA Holding AG to delete the entry. It was assumed that an agreement on payment in instalments had not been concluded, even if the data subject had behaved in this way. The data subject appealed against this decision before the Administrative Court of Wiesbaden. The Administrative Court of Wiesbaden upheld the appeal. First, the Court considered that the Hessian DPA is the competent supervisory authority pursuant to Article 64(1)(a) GDPR, and that the Court is competent to hear the disputes pursuant to Section 20(1) a
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (2)
Other cases involving Private Individual in DE
Court Ruling
Details
About this data
Cite as: Cookie Fines. Private Individual - Germany (2021). Retrieved from cookiefines.eu
Last updated: