Court case W256 2234851-1 – Court Ruling (Austria, 2023)

On 22 February 2019, a data subject submitted an access request to the controller, a logistics and postal service provider acting in its capacity as an address publisher and direct marketing company, that initially did not answer his request at all. Against this background, the data subject filed a complaint with the DSB. After hearing the controller, the DSB established that it did reply to the access request and it considered the complaint to be without object. In response to this, the data subject claimed that such answer was incomplete, as it did not receive information about the data recipients and of the existence of profiling. The DSB thus considered the complaint anew, as the claimed infringement changed to incomplete provision of information under Article 15 GDPR. In its submissions, the controller held that it did provide information about the categories of recipients and it did not inform the data subject about profiling, as it did not carry out such activities. The DSB partially admitted the complaint, holding that the controller infringed the data subject’s right to access as it did not provide sufficient information as to the data recipients, without explaining why providing such information would affect her protected interest as an address publisher. It also held that the controller failed to provide meaningful information about the logic involved and the scope and effects of processing according to Article 15(1)(h) GDPR as regards the marketing classification, which is to be considered “profiling” under Article 4(4) GDPR. The DSB thus ordered the controller to duly inform the data subject about the above mentioned within a period of four weeks. The controller still believed the information it provided to be complete, since it lawfully chose to provide information about the categories of recipients and not the recipients themselves and it considered that marketing classifications do not constitute personal data and that it did not carry out profil