DSB (DPA) – Court Ruling (Austria, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A business owner wanted his personal information removed from an online platform but was denied by the company running the site. The court found that the business owner did not properly request changes to his data, which is crucial for protecting personal information. This case shows the importance of following the right procedures when asking for data corrections.
What happened
A business owner requested the removal of his personal data from an online platform but did not submit a formal rectification request.
Who was affected
The business owner whose profile information was displayed online without his consent.
What the authority found
The authority decided that the business owner failed to make a proper request for data correction, which led to the dismissal of his complaint.
Why this matters
This ruling underscores the importance of understanding and following the correct procedures for data requests. Website operators should ensure they have clear processes in place for users to manage their personal information.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The data subject's business profile appeared on an online platform operated by the controller. The profile displayed his name, address, telephone number, opening hours, profile pictures and information about peak visiting times. In 2020, the data subject submitted a request seeking the erasure of his personal data. He argued that he had not consented to the processing and that some of the published data were inaccurate. In particular, he claimed that profile pictures had been wrongly associated with his business profile. In 2021, the data subject lodged a complaint with the Austrian DPA against the controller. He alleged violations of his right to rectification (Article 16 GDPR), his right to erasure (Article 17 GDPR) and the right not to be subject to a decision based solely on automated processing (Article 22 GDPR). He argued that the controllers had rejected his erasure request and that the automatic assignment of profile pictures involved unlawful automated processing. The DPA asked the data subject to provide evidence of a rectification request and of a request concerning Article 22 GDPR. The data subject replied that his statements about inaccurate data should be treated as an implicit rectification request. He also argued that Article 22 GDPR did not require a prior request to the controller. The DPA rejected the complaint concerning Article 16 GDPR and Article 22 GDPR, as it found that the data subject had never submitted a rectification request or a request under Article 22 GDPR to the controllers, only a deletion request. During the proceedings, the controllers removed and corrected some information. However, the data subject maintained that incorrect profile pictures and opening hours continued to appear because of automated updates. First, the court held that the right to rectification under Article 16 GDPR generally required a prior request to the controller. The court noted that the data subject must identify which data are inaccurate and explain how
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for DSB (DPA) in AT
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. DSB (DPA) - Austria (2023). Retrieved from cookiefines.eu
Last updated: