Court case W176 2265088-1 – Court Ruling (Austria, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
An Austrian court ruled that a credit agency can keep records of paid debts to maintain accurate credit histories. This is important because it shows that companies can retain certain personal data even after debts are settled. Small businesses should be aware of how credit data can affect their relationships with clients.
What happened
A credit agency refused to delete records of a user's paid debts, arguing it was necessary for creditworthiness assessments.
Who was affected
A user who requested the deletion of her personal data related to settled debts.
What the authority found
The court decided that the credit agency had a legitimate interest in keeping the data to provide accurate credit information.
Why this matters
This case illustrates that companies must balance user requests for data deletion with their need to maintain accurate records. Businesses should review their data retention policies to ensure compliance with data protection laws.
GDPR Articles Cited
A data subject submitted a request to the controller, a credit agency, to delete personal data relating to her. The data in question referred to three debts in the amounts of around €24, €35 and €1,000 which she had paid off by the time the complaint was filed. The controller responded that it would not delete such data and submitted that its processing activities relate to credit data which is relevant for establishing creditworthiness of data subjects on the basis of Article 6(1)(f) GDPR, as it has a legitimate interest to provide third parties, whose activities entail a credit risk, with accurate credit data. For these third parties it is essential to consult the database provided by the controller, in order to be able to assess the payment behavior of their potential contractual partners, such as the data subject in this case. The controller claimed that it is important to keep data relating to, among others, unpaid bills in their database, as they significantly increase the chances of future default and thus constitute relevant credit data. For the sake of accuracy under Article 5(1)(d) GDPR, the controller submitted that it is important to also keep records of debts that have been paid off, in fact, if the controller were to delete data relating to already settled debts of the data subject, this would create a distorted picture of her creditworthiness. In this case, the data subject had been sent several reminders by creditors before she actually settled her debts, whereby the creditors had to put debt recovery measures in place and suffered temporary damages from the unpaid bills. In the present case, the debts had been settled in 2019 and 2020, after being left unpaid for about three years. On 5 August 2022, the data subject brought a complaint with the DSB following the refusal by the controller to delete credit data relating to her, claiming also that the controller failed to inform her that data relating to her credit history were being saved for up to
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Court case W176 2265088-1 in AT
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Court case W176 2265088-1 - Austria (2023). Retrieved from cookiefines.eu
Last updated: