Court case W298 2322178-1 – Court Ruling (Austria, 2026)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
An Austrian court found that a credit information agency did not violate a person's rights when it provided incomplete information about their credit score. The court ruled that the person did not properly exercise their rights under GDPR. This case emphasizes the importance of clearly stating access requests.
What happened
A person complained that a credit agency gave them flawed information about their credit score calculation.
Who was affected
The individual who requested information from the credit information agency.
What the authority found
The court decided that the credit agency did not violate GDPR because the person's request was too limited.
Why this matters
This ruling highlights that individuals must be clear and comprehensive in their data requests. Small businesses should ensure they understand how to respond to access requests properly.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
A data subject made an access request to a credit information agency (the controller) in 2023. He later filed a complaint with the Austrian DPA and alleged that the controller had violated his right of access under Article 15 GDPR by providing him partially flawed and inconsistent information. In particular, the data subject claimed that no information regarding the logic involved in the calculation of credit scores were disclosed by the controller. The data subject also stated that his right to information, rectification, erasure, restriction of processing, objection and the right not to be subjected to automated decision-making under Articles 14 and 16–22 GDPR had been violated. While the controller provided further access in course of the procedure, it argued that it provided all information required under Article 15 GDPR. After the DPA initially ordered the data subject to provide more information regarding his complaint, the DPA found no infringement of the GDPR. In particular, the DPA held that the data subject limited its access request to partial information and that he failed to exercise his rights under Article 16–22 GDPR before failing the respective complaint. The data subject subsequently appealed the decision to the Austrian Federal Administrative Court. The court dismissed the data subject’s appeal. First, the court interpreted the access request narrowly and found that the controller had not violated Article 15 GDPR. It stated that the data subject had limited his access request to concern certain information only and held that the controller had provided him all such information. Second, the court could not find any infringement of Article 14 GDPR: it held that the data subject had failed to elaborate why he considered his right to information had been violated. Furthermore, the court stated that Articles 16–22 GDPR had not been infringed, as the data subject had not exercised his rights under these provisions by sending the controller a corre
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Court case W298 2322178-1 in AT
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Court case W298 2322178-1 - Austria (2026). Retrieved from cookiefines.eu
Last updated: