Court case W292 2301229-1 – Court Ruling (Austria, 2025)

In 2024, a data subject filed a complaint to the DPA regarding the right to erasure of stored payment history data. The controller, a credit reporting agency, updated the data subject’s credit score following an out of court proceedings in 2019. The data subject’s request for a loan was rejected on the basis that banks received the information “Score value 0 - no calculation possible” when requesting information about the data subject. This value was an error as a result of the controller not being able to correctly assign a numerical value to the out of court proceedings. The entries analysed by the DPA and Court were the ones on the completion of out of court settlement and “Score value 0: No calculation possible”. In its decision, the DPA applied the reasoning of CJEU case law (the SCHUFA case) to conclude that the processing of payment history also constitutes a serious interference with the fundamental right to privacy and data protection ([https://www.europarl.europa.eu/charter/pdf/text_en.pdf Articles 7 and 8 CFREU]). The DPA then applied national law on time limits in processing of data related to insolvency procedures, arguing that the controller should have deleted the data relating to the out of court settlement. By not deleting this information the controller was violating the data subject's right to erasure under Article 17 GDPR. The controller disputed the DPA's reasoning and brought an appeal to the Federal Administrative Court. The controller argued that the SCHUFA case did not apply, because it related to publicly accessible data. It also claimed that the data processing was not a serious interference with the data subject's fundamental rights. The Court upheld the decision on the DPA regarding automated processing, but dismissed the reasoning on processing of payment history. The Court upheld the arguments of the controller, and stated that the facts of the current case differ in essential elements to SCHUFA. The Court conclud