Court case W214 2216836-1 – Court Ruling (Austria, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
An Austrian court ruled that a credit agency did not have to delete a person's credit information, as the data processing was lawful. The court found that the agency's actions were justified under privacy laws and that the data was accurate and necessary. This decision underscores the balance between privacy rights and legitimate business interests.
What happened
A credit agency refused to delete a person's credit information, which the court found lawful.
Who was affected
An individual whose credit information was maintained by a credit agency.
What the authority found
The court ruled that the credit agency's data processing was lawful, as it was necessary and based on legitimate interests.
Why this matters
This ruling highlights that businesses can lawfully retain personal data if it serves a legitimate purpose and is handled appropriately. It reassures companies that they can maintain necessary records for business operations while respecting privacy laws.
GDPR Articles Cited
National Law Articles
The controller is a credit scoring agency with a trade license according to § 152 of the Austrian Trade Regulation Act (GewO). In its file on the data subject, on the basis of which his creditworthiness was assessed, it used, inter alia, two receivables against him and various former addresses (8 moves in 11 years). The receivables amounted to mid-double-digit amounts and arose between 2016 and 2017. The data subject was in a so-called continued qualified default of payment with regard to both receivables. This means that there was a delay in payment, and that the first two reminders by the creditor and a third reminder by a collection agency had been unsuccessful. In 2018, the data subject paid the receivables. The controller then entered a "positively settled" note for each of the receivables in its data system.
The controller rejected the data subject's request to delete the two receivables as well as all his former addresses. Subsequently, the data subject filed a complaint before the Austrian DPA (DSB). The DSB decided that the right to be forgotten had been infringed, since the controller did not follow the request. The controller filed an administrative appeal against this decision.
The Austrian Federal Administrative Court (BVwG) ruled that the data subject was not entitled to deletion. Such a right does not arise from Article 17(1)(a), (c) or (d) GDPR. In particular, this was justified by the fact that the processing operations at issue were in compliance with the principles of Article 5 GDPR and that they could be based on the legal basis of Article 6(1)(f) GDPR.
The BVwG ruled that the principle of purpose limitation was respected. The assessment of creditworthiness by credit agencies is a defined and clear purpose recognised by the legal system. This can be derived from § 152 GewO. The data were also accurate and complete because the controller entered a "positively settled" remark after the two claims had been paid. They were also fundamentally necessary
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Cite as: Cookie Fines. Court case W214 2216836-1 - Austria (2021). Retrieved from cookiefines.eu