1. unknown (complainant before the Austrian Data Protection Autority) – Court Ruling (Austria, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
An Austrian credit agency refused to give a full copy of personal data to a person who requested it, leading to a court case. The court asked the EU's top court to clarify what 'copy' means under GDPR. This is important because it could affect how companies respond to data access requests.
What happened
An Austrian credit agency did not provide a full copy of personal data when requested.
Who was affected
A person who requested access to their personal data from an Austrian credit agency.
What the authority found
The Austrian Data Protection Authority agreed with the agency that the data provided was sufficient, but the case was referred to the CJEU for clarification.
Why this matters
This case could set a precedent for how companies must respond to data access requests, impacting how personal data is shared with individuals.
GDPR Articles Cited
A data subject (the complainant) sent an access request to an Austrian credit reference agency (the respondent), requesting (i.a.) a copy of their personal data undergoing processing pursuant to Article 15(3) in a commonly used electronic format. The respondent only provided a table that contained the personal data (name, date of birth, address data business functions of the data subject) in an aggregated form but refused to provide an actual copy of the data undergoing processing, such as database print-outs or email correspondence regarding the complainant. The respondent argued that Article 15(3) GDPR does not entitle a data subject to receive a copy of the data in the sense of a facsimile of the data. Furthermore, the disclosure of a copy would also violate the respondent's business secrets, since a copy of data from a relational database (such as the respondent's identity and creditworthiness database) would inevitably also reproduce the logical-mathematical links of the individual data records. The complainant argued that Article 15(3) GDPR entitles them to a copy of the data in the very form that these data are undergoing processing. A controller has no right to limit the right of access to a modified aggregation of the relevant data. The Austrian Data Protection authority (Datenschutzbehörde - DSB) followed the respondents argument and rejected the complainant's claim. It deemed the data and information provided by the respondent to be sufficient. The complainant consequently filed an appeal with the Austrian Federal Administrative Court (Bundesverwaltungsgericht - BVwG). The BVwG stayed the procedure and requested the CJEU's preliminary ruling under Article 267 TFEU on the following questions: 1. Is the term "copy" in Article 15(3) GDPR to be interpreted as meaning a photocopy or facsimile or an electronic copy of (electronic) data, or does the term also cover a "transcript", un "double" ("duplicata") or a "transcript", as understood in German, French an
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for 1. unknown (complainant before the Austrian Data Protection Autority) in AT
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. 1. unknown (complainant before the Austrian Data Protection Autority) - Austria (2021). Retrieved from cookiefines.eu
Last updated: