Court case 20 U 295/21 – Court Ruling (Germany, 2022)

The data subject has a health insurance contract with the controller. The controller increased the premiums during the contract. The data subject payed the increased premiums for a while but then filed a lawsuit against the controller demanding a refund as well as access to all supplements to the insurance policy and all notification letters sent to him during the contractual relationship under Article 15 GDPR. The court of first instance, the Regional Court of Aachen (Landgericht Aachen – LG Aachen), ruled in favour of the data subject. The controller appealed this decision arguing that the right to access under Article 15 GDPR does not grant a right to access to documents but its only purpose is to make the processed data transparent. Moreover, it argued that granting the access to such a wide extent would amount to an inadmissible discovery of evidence which is contrary to the civil procedural principle that each party must bring forward its evidence itself. Lastly, the controller also invoked the excessiveness of the request under Article 12(5) GDPR alleging that the data subject uses Article 15 GDPR only to verify the validity of the premium increases and not to verify the lawfulness of the processing. The Higher Regional Court of Köln (Oberlandesgericht Köln – OLG Köln) rejected the arguments of the controller and upheld the lower court’s judgement. First, the court referred to case law by the German Supreme Court (Bundesgerichtshof – BGH decision from 15.06.2021, case no. VI ZR 576/19) to establish that personal data under Article 4(1) GDPR means information which by virtue of its content, purpose or effects, is linked to a specific person. The court then concluded that the supplements to the insurance policy as well as the notification letters meet these requirements. For the supplements the court found that they show the content and conditions of the insurance cover provided to the data subject by the controller. Regarding the notification letters the cou