Court case ECLI:DE:LGMS:2023:0704.16O238.22.00 – Court Ruling (Germany, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A court ruled that a credit agency improperly processed a person's insolvency information, which hurt their ability to get credit. The court decided that the agency couldn't justify keeping this information longer than allowed by law. This case emphasizes that companies must respect individuals' rights and follow data protection laws.
What happened
The credit agency used publicly available insolvency information to negatively register a person without a valid legal basis.
Who was affected
The individual who faced insolvency and was negatively registered by the credit agency.
What the authority found
The court held that the credit agency violated GDPR by processing the individual's data without a valid legal basis and retaining it beyond the legal timeframe.
Why this matters
This ruling reinforces that companies must prioritize individuals' rights over their own economic interests. Businesses should ensure they have a valid reason for processing personal data and respect legal time limits.
GDPR Articles Cited
The data subject had faced insolvency proceedings, which were announced on a publicly accessible database. This publication is legally retained and made publicly available for 6 months following insolvency proceedings under German law.§3 of the Ordinance on Public Announcements in Insolvency Proceedings and Restructuring Matters on the Internet (InsBekV) available, [https://www.gesetze-im-internet.de/insobekv/__3.html here]. A credit agency (the controller) had negatively registered the data subject using the information from the public database and transmitted the data subject’s negative registration to its contractual partners. As a result, the data subject was unable to apply for credit products. After being rejected for various credit-related applications due to their negative registration, the data subject filed a suit against the credit agency in the Regional Court of Münster. The Court held that the controller was in violation of Article 6(1) GDPR, as they lacked a legal basis for processing the data subject’s data. The Court held that the controller was unable to rely on Article 6(1)(f) GDPR for processing, because the economic interests of the controller could not override those of the data subject. Moreover, the controller had retained the data subject’s insolvency information beyond the 6-month period provided for under domestic law. The data subject’s interests and rights took precedence over those of the controller. The negative registration created an unwarranted detriment to the data subject’s economic life. The Court concluded that the controller’s processing significantly interfered with the data subject’s constitutional right to self-determination under Article 1,2 of German Basic Law, the right to data protection under Article 8 of the European Charter of Fundamental Rights, and the data subject’s general freedom of action, freedom of contract, and the freedom to exercise a profession. Consequently, the controller was unable to rely on Article
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Court case ECLI:DE:LGMS:2023:0704.16O238.22.00 in DE
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Court case ECLI:DE:LGMS:2023:0704.16O238.22.00 - Germany (2023). Retrieved from cookiefines.eu
Last updated: