Court case 33 O 5976/22 – Court Ruling (Germany, 2023)

Court Ruling
DPA: LG München I | 25 April 2023 | Germany
final

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A German court ruled on a case involving a telecom company sharing customer data with SCHUFA, a credit agency. The court examined whether this data sharing had a valid legal basis under GDPR. The decision underscores the need for clear legal grounds when sharing personal data with third parties.

What happened

A telecom company shared customer data with the credit agency SCHUFA to assess creditworthiness.

Who was affected

Customers of a telecom company whose data was shared with SCHUFA for credit scoring purposes.

What the authority found

The court explored whether the telecom company had a valid legal basis for sharing data under GDPR, focusing on contract performance and legitimate interests.

Why this matters

This case emphasizes the importance of having a clear legal basis for data sharing, especially with third parties like credit agencies. Companies should carefully evaluate their data sharing practices to ensure compliance with GDPR.

GDPR Articles Cited

Art. 6(1)(b) GDPR
Art. 6(1)(f) GDPR
Art. 80(2) GDPR
Decision Authority: LG München I
Full Legal Summary
Detailed

The controller was a telecommunication company. In its contracts with customers, the controller informed them that personal data, including “positive data”, could be transferred to the credit ranking agency SCHUFA. The controller and SCHUFA were in a mutually advantageous relationship: the former got reliable information to check potential customers’ creditworthiness, the latter improved its scoring system.

According to the plaintiff, a consumer association, such data sharing violated Articles 5(1)(a) and 6 GDPR, as neither contract nor legitimate interest could be used as a legal basis for the transmission of data to SCHUFA. Therefore, the consumer association asked a court to stop the disclosure of so-called “positive data” to SCHUFA. “Positive data” here means personal data that do not show any negligence by the data subject in the performance of the underlying contract with the telecommunication company.

In response to the legal claim, the controller raised several points. Firstly, the association did not have legal standing, as it represented consumers and not data subjects. Secondly, the controller argued that Article 80(2) GDPR did not apply to the case at issue, as no concrete violation of the GDPR with regard to a specific data subject was alleged by the association. The association complained of an abstract violation as a consequence of the controller’s privacy policy.

On the merits, the controller stated that the disclosure of personal data to SCHUFA was subject to strict and clear requirements. Data processing was covered by both Article 6(1)(b) and (f) GDPR, as it was necessary to perform telecommunication contracts, and the prevention of credit risks and fraud was a legitimate interest of the controller and society at large. Thanks to the disclosure, consumers also improved their SCHUFA “score” through positive data points.

From the outset, the court clarified that the GDPR aims to protect the data subject’s fundamental rights not only as a citizen, b

Outcome

Court Ruling

A ruling by a national court on a data-protection matter.

Details

Ruling Date

25 April 2023

Authority

DPA: LG München I

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Court case 33 O 5976/22 - Germany (2023). Retrieved from cookiefines.eu
