Court case W214 2228164-1 – Court Ruling (Austria, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
An Austrian court found that a credit agency was right to keep financial data about a person, even after they settled a debt. This ruling shows that credit agencies can retain data to assess creditworthiness under certain conditions.
What happened
The court ruled that a credit agency could retain financial data about a person after they paid off a debt.
Who was affected
The person whose financial data was kept by the credit agency.
What the authority found
The court decided that the credit agency's data processing was justified under GDPR, as it was necessary for assessing creditworthiness.
Why this matters
This decision clarifies that credit agencies can keep financial data for credit assessments, as long as they follow GDPR principles like data accuracy and necessity. It reassures businesses that they can retain certain data if it's essential for their operations.
GDPR Articles Cited
National Law Articles
Insolvency proceedings were pending against the data subject due to claims in the amount of approximately €500,000. The proceedings were suspended in July 2016 because a reorganisation plan was filed in bankruptcy. The data subject paid the payment plan in August 2016. The controller is a credit scoring agency with a trade license according to § 152 of the Austrian Trade Regulation Act (GewO). It used the aforementioned financial data in its file on the basis of which his creditworthiness was assessed. The controller rejected the data subject’s request to delete the financial data. Subsequently, the data subject filed a complaint before the Austrian DPA (DSB). The DSB decided that the right to be forgotten was not infringed and rejected the complaint. The data subject has filed an administrative appeal against this decision. The Austrian Federal Administrative Court (BVwG) ruled that the data subject was not entitled to deletion. Such a right did not arise from Article 17(1)(a), (c) or (d) GDPR. In particular, this was justified by the fact that the processing operations at issue were in compliance with the principles of Article 5 GDPR and that they could be based on the legal basis of Article 6(1)(f) GDPR. = The BVwG ruled that the principle of process limitation was respected. The assessment of creditworthiness by credit agencies is a defined and clear purpose recognised by the legal system. This can be derived from § 152 GewO. The data were also accurate and complete because the controller noted in its database that the reorganization plan filed in bankruptcy was handled immediately by the complainant. They were also fundamentally necessary and suitable in order to be able to make a prognosis about the future payment behaviour of the data subject. The court focused on the issues “storage limitation” and “data minimization” and decided that those principles were followed as well. It ruled that data on financial defaults can be processed for up to 5
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Court case W214 2228164-1 in AT
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Court case W214 2228164-1 - Austria (2021). Retrieved from cookiefines.eu
Last updated: