BF (insured/data subject) – Court Ruling (Austria, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
An insurance policyholder in Austria requested access to specific data related to her claim, but the insurer delayed in providing it. The Austrian DPA found the insurer's response inadequate, highlighting the importance of clear communication and timely responses to data access requests. This case underscores the need for companies to understand and fulfill data access rights promptly.
What happened
An Austrian insurance company delayed providing a policyholder with access to specific data related to her claim.
Who was affected
An insured person who requested access to her personal data from her insurance company.
What the authority found
The Austrian DPA found the insurance company did not adequately respond to the policyholder's data access request.
Why this matters
This ruling highlights the necessity for companies to respond clearly and promptly to data access requests. It serves as a reminder to businesses to ensure they understand and comply with data access rights under GDPR.
GDPR Articles Cited
National Law Articles
The controller was an insurer, and the data subject was one of its policy holders. In 2012, the data subject subject suffered a whiplash injury in a car accident and was later diagnosed with "post-traumatic depressive adjustment disorder with somatization." In 2014, the data subject filed a claim with the controller for occupational disability; the data subject had been self-employed as a management consultant and energy technician. The controller rejected the claim on the basis that the data subject had not provided adequate proof of disability. On October 28, 2015, the data subject applied to the district court of Wels for a conditional payment order to be issued against the controller. At the time of the DPA's decision, the civil proceedings were suspended. In 2016, the controller offered the data subject a one-time payment of €25,000, which the data subject rejected. The insurance contract between the two parties was terminated in October 2017. On May 13, 2019, the data subject emailed an access request, requesting specifically the "risk assessment" associated with her contract and the "reserve amount" associated with her disability claim. In a response dated Nobember 27, 2019, the controller asked the data subject for an explanation of what she meant by those terms. On April 26, 2020, the data subject filed a complaint with the Austrian DPA alleging that the controller had violated her right of access and additionally requested all of her personal data processed by the controller. The controller responded that it had answered the data subject's access request to the best of its ability and that the terms she used were not meaningful to the firm. The controller claimed the data subject believed she was entitled to an insurance payout and was abusing data protection law for her benefit in the related civil procedure. As the complaint was the first time the data subject had requested all her personal data, the controller sent a 200-page response including among ot
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for BF (insured/data subject) in AT
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. BF (insured/data subject) - Austria (2022). Retrieved from cookiefines.eu
Last updated: