KSV1870 Information GmbH – Court Ruling (Austria, 2026)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A court in Austria ruled on a case involving KSV1870 Information GmbH, which used incorrect credit information to deny a customer an energy supply contract. This decision is important as it highlights the need for accuracy in automated decision-making processes.
What happened
KSV1870's inaccurate credit score led to the automatic rejection of a customer's application for an energy supply contract.
Who was affected
A customer whose application for an energy supply contract was denied due to incorrect credit information from KSV1870.
What the authority found
The court found that KSV1870 and the energy provider unlawfully subjected the customer to automated decision-making without proper consent, violating GDPR rules.
Why this matters
This case emphasizes the importance of accuracy and transparency in automated decision-making. Companies should ensure they have accurate data and proper consent before making automated decisions.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
Entities Involved
An individual (the data subject) intended to conclude an energy supply contract online with Go Green Energy GmbH (the energy provider). After initially receiving an email accepting the data subject as a customer the data subject's contract was automatically rejected due to an insufficient credit score provided to the energy provider by KSV1870 Information GmbH (the credit information agency or "KSV"). Therefore, the credit information agency's credit score led to the automated rejection of the data subject's application for the energy supply contract. The data subject eventually submitted a request to the energy provider requesting information under GDPR, in particular regarding the data exchanged with KSV. Furthermore, he submitted an access request with KSV under Article 15 GDPR. The data subject considered KSV’s response to his access request to be incomplete and filed a lawsuit claiming damages from KSV as well as the energy provider. The data subject claimed that he never consented to automated decision-making, but that the two controllers subjected him to such decision-making unlawfully in violation of Article 22 GDPR. Moreover, the data subject claim that the controllers relied on inaccurate information to calculate his credit rating, thus breaching the principle of accuracy under Article 5(1)(d) GDPR. The data subject argued that the refusal caused him worry, annoyance and stress, thereby resulting in non-pecuniary damage. He claimed €1,500 from both controllers under Article 82 GDPR in court. KSV claimed that it processed personal data under Article 6(1)(f) GDPR (i.e. legitimate interest) and that all data subjects have the right to request correction of their personal data used for the purpose of credit rating. Moreover, KSV argued that it only provided the energy provider with a credit rating, which was not a sufficient reason for a refusal to enter into a contract, and that it had no control over the energy provider's reasons for refusal. Therefore,
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for KSV1870 Information GmbH in AT
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. KSV1870 Information GmbH - Austria (2026). Retrieved from cookiefines.eu
Last updated: