Der Hessische Landesbeauftragte für den Datenschutz und die Informationsfreiheit – Court Ruling (Germany, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A German court ruled that a lawyer could disclose health information during a court case without violating privacy laws. This decision matters because it clarifies when sensitive data can be shared in legal settings. It shows that in some cases, sharing such information is necessary to fulfill legal obligations.
What happened
A lawyer disclosed a former employee's health data during a court case without violating privacy rules.
Who was affected
The affected person was a lawyer who had a stroke and was on sick leave, whose health data was shared in court.
What the authority found
The court decided that sharing health data in a legal dispute is allowed if it's necessary for the case, based on GDPR rules.
Why this matters
This ruling clarifies that in legal disputes, sharing sensitive data like health information can be justified if it's relevant to the case. Lawyers and companies should understand that privacy laws may allow such disclosures under specific circumstances.
GDPR Articles Cited
National Law Articles
The data subject is a lawyer that is employed by the company A. In August 2018, he suffered a severe stroke due to which he has continuously been on sick leave since then. In a labour court case against his employer in 2019, the employer hired a lawyer who disclosed information about the data subject's health during the proceedings. The data subject classified this as a violation of the GDPR because it was a special category of personal data (Article 9(1) GDPR) that should not have been processed. The data subject requested the Hessian data protection authority to intervene against the alleged data protection violations. The data protection authority refused to take action. The Administrative Court of Wiesbaden dismissed the data subject's claim. It held that, in the context of a labour court dispute, both the employer and the lawyer instructed by it are entitled to name and explain any health data of the employee. This applies all the more if the employee is the plaintiff and has brought the relevant circumstances into the proceedings himself. First, it clarified that the lawfulness of the data processing of health data in legal proceedings is assessed according to Article 6(1)(f) GDPR and Article 9 GDPR. Second, lawyers are data controllers within the meaning of Article 4(7) GDPR with regard to their presentation in court proceedings. As independent organs of the administration of justice in their capacity as advisors and representatives, they themselves bear the responsibility for the content of the pleadings in terms of liability and design. Third, according to the court, in their pleadings, attorneys pursue the legitimate interest of fulfilling their contractual obligation with the client (cf. § 3(3) Federal Lawyer's Act [Bundesrechtsanwaltsordnung - BRAO]). The activity of a lawyer would be impossible if he were not basically allowed to present what the client informs him of. They would even expose themselves to the risk of attorney liability if, contrary
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Der Hessische Landesbeauftragte für den Datenschutz und die Informationsfreiheit in DE
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Der Hessische Landesbeauftragte für den Datenschutz und die Informationsfreiheit - Germany (2022). Retrieved from cookiefines.eu
Last updated: