Data Subject versus Telecommunications Company – Court Ruling (Germany, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A court in Germany ruled that a telecommunications company did not break the law when it shared a customer's positive contract information with a credit agency. The customer claimed this caused him emotional distress and hurt his reputation. The court decided the company had a valid reason to share the information, which is important for businesses to understand.
What happened
The telecommunications company shared a customer's positive contract details with SCHUFA, a credit information agency, without the customer's consent.
Who was affected
The customer whose contract information was shared with SCHUFA.
What the authority found
The court ruled that the company had a valid legal basis for sharing the information, as it was necessary for credit risk assessment.
Why this matters
This case highlights that companies can share certain customer information without consent if it's necessary for business purposes. Businesses should be aware of their obligations and the legal bases for processing personal data.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
In March 2020, the data subject concluded a postpaid mobile phone contract with a telecommunications provider (controller). The following day, the controller reported the existence and terms of the contract, including its type, duration, and the parties involved (positive data) to SCHUFA, a credit information agency. It did not report any payment default information (negative data). The data subject was informed about this practice in the contractual documentation. On October 2023, the data subject became aware of the entry, following an access request to SCHUFA under Article 15 GDPR. The data subject brought a case before the court of first instance (Regional Court Nürnberg-Fürth-LG Nürnberg-Fürth) claiming that the transfer of his positive data was unlawful because he never provided his consent. Furthermore, the unlawful transmission of his data to SCHUFA caused him emotional distress, reputational concern, anxiety and a loss of control over his personal data. He also referred to an earlier rejection of a credit application for a television purchase (valued at approximately €800) and argued that the SCHUFA entry had contributed to this outcome. The data subject sought: # compensation for material and immaterial damages under Article 82 GDPR; # a cease-and-desist order against further transmissions without consent; # a declaration of liability for potential future damages. The controller defended that the processing was lawful, arguing that the data was limited to positive contractual information, that the transmission was necessary for fraud prevention and credit risk assessment in mass-market telecommunications services, and that Article 6(1)(f) GDPR provided a valid legal basis. The court of first instance dismissed the action as unfounded stating that the data subject had no claim against the controller for the damages sought under Article 82(1) GDPR, as he had not been able to prove to the court's satisfaction that he had suffered material or non-material da
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (1)
Other cases involving Data Subject versus Telecommunications Company in DE
Details
About this data
Cite as: Cookie Fines. Data Subject versus Telecommunications Company - Germany (2025). Retrieved from cookiefines.eu
Last updated: