DSB (DPA) – Court Ruling (Austria, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
An Austrian court ruled on a case where a person's business profile was displayed online without their consent. The court found that the person did not provide enough evidence to support their claims about inaccurate data. This ruling highlights the need for clear communication when requesting data changes.
What happened
A person requested the removal of their personal data from an online platform but did not provide sufficient evidence for their claims.
Who was affected
The individual whose business profile was published online without their consent was affected.
What the authority found
The court held that the individual did not submit a proper request for data correction or removal, which weakened their case.
Why this matters
This ruling emphasizes the importance of providing clear and documented requests when seeking changes to personal data, which can help prevent misunderstandings.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
The data subject's business profile appeared on an online platform operated by the controller. The profile displayed his name, address, telephone number, opening hours, profile pictures and information about peak visiting times. In 2020, the data subject submitted a request seeking the erasure of his personal data. He argued that he had not consented to the processing and that some of the published data were inaccurate. In particular, he claimed that profile pictures had been wrongly associated with his business profile. In 2021, the data subject lodged a complaint with the Austrian DPA against the controller. He alleged violations of his right to rectification (Article 16 GDPR), his right to erasure (Article 17 GDPR) and the right not to be subject to a decision based solely on automated processing (Article 22 GDPR). He argued that the controllers had rejected his erasure request and that the automatic assignment of profile pictures involved unlawful automated processing. The DPA asked the data subject to provide evidence of a rectification request and of a request concerning Article 22 GDPR. The data subject replied that his statements about inaccurate data should be treated as an implicit rectification request. He also argued that Article 22 GDPR did not require a prior request to the controller. The DPA rejected the complaint concerning Article 16 GDPR and Article 22 GDPR, as it found that the data subject had never submitted a rectification request or a request under Article 22 GDPR to the controllers, only a deletion request. During the proceedings, the controllers removed and corrected some information. However, the data subject maintained that incorrect profile pictures and opening hours continued to appear because of automated updates. First, the court held that the right to rectification under Article 16 GDPR generally required a prior request to the controller. The court noted that the data subject must identify which data are inaccurate and explain how
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for DSB (DPA) in AT
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. DSB (DPA) - Austria (2023). Retrieved from cookiefines.eu
Last updated: