KSV1870 Information GmbH – Court Ruling (Austria, 2026)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A court ruled that KSV1870 Information GmbH improperly used a credit score to reject a customer's application for energy supply. The customer claimed they never consented to automated decision-making, which caused them stress. This case highlights the importance of transparency and accuracy in automated decision-making processes.
What happened
The court found that KSV1870 Information GmbH used an inaccurate credit score to automatically reject a customer's application without proper consent.
Who was affected
The individual whose application for energy supply was rejected based on an inaccurate credit score from KSV1870 Information GmbH.
What the authority found
The court ruled that KSV1870 violated GDPR by relying on inaccurate information and failing to obtain consent for automated decision-making.
Why this matters
This ruling emphasizes the need for companies to ensure accuracy in automated processes and to be transparent with users about how their data is used.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
An individual (the data subject) intended to conclude an energy supply contract online with Go Green Energy GmbH (the energy provider). After initially receiving an email accepting the data subject as a customer the data subject's contract was automatically rejected due to an insufficient credit score provided to the energy provider by KSV1870 Information GmbH (the credit information agency or "KSV"). Therefore, the credit information agency's credit score led to the automated rejection of the data subject's application for the energy supply contract. The data subject eventually submitted a request to the energy provider requesting information under GDPR, in particular regarding the data exchanged with KSV. Furthermore, he submitted an access request with KSV under Article 15 GDPR. The data subject considered KSV’s response to his access request to be incomplete and filed a lawsuit claiming damages from KSV as well as the energy provider. The data subject claimed that he never consented to automated decision-making, but that the two controllers subjected him to such decision-making unlawfully in violation of Article 22 GDPR. Moreover, the data subject claim that the controllers relied on inaccurate information to calculate his credit rating, thus breaching the principle of accuracy under Article 5(1)(d) GDPR. The data subject argued that the refusal caused him worry, annoyance and stress, thereby resulting in non-pecuniary damage. He claimed €1,500 from both controllers under Article 82 GDPR in court. KSV claimed that it processed personal data under Article 6(1)(f) GDPR (i.e. legitimate interest) and that all data subjects have the right to request correction of their personal data used for the purpose of credit rating. Moreover, KSV argued that it only provided the energy provider with a credit rating, which was not a sufficient reason for a refusal to enter into a contract, and that it had no control over the energy provider's reasons for refusal. Therefore,
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for KSV1870 Information GmbH in AT
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. KSV1870 Information GmbH - Austria (2026). Retrieved from cookiefines.eu
Last updated: