Austrian Data Protection Authority – Court Ruling (Austria, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
In 2010, debt settlement proceedings were issued against the data subject. The data subject settled the payments of their debts in March 2018. After settling the debts, the civil court ordered to make the personal data of the data subject unavailable to the public in the public insolvency register. The controller, a credit ranking agency, continued to process and store personal data of the data subject that related to his debt settlement procedure that the controller obtained from the public insolvency register. The purpose of the procesing was to assess the creditworthiness of the data subject and his company. The data subject was the company's sole shareholder. The data subject requested the erasure of his personal data on 4 May 2018, after fulfilling his debt payment plan. The controller did not reply. On 24 October 2018, the data subject lodged a complaint at the Austrian DPA against the controller for the infringement of the right to erasure under Article 17 GDPR. The controller informed the DPA by letter the same day that it would not comply with this request. The DPA dismissed the data protection complaint. The decision does not give detail on why the complaint was dismissed. The data subject appealed this decision at the Federal Administrative Court (Bundesverwaltungsgericht, BVwG). The court dismissed the appeal. The court found that the controller’s processing the personal data in question was necessary, as the purpose of the processing was for making a forecast about the future payment behaviour of the data subject. The court found that the interests of the controller and its third parties outweighed the interests of the data subject The court concluded that the processing of data on historical insolvencies and payment defaults of the data subject was necessary and lawful and that the objections raised by the data subject could not justify his request for erasure. The data subject appealed to the decision before the Austrian Supreme Administrative Co
GDPR Articles Cited
In 2010, debt settlement proceedings were issued against the data subject. The data subject settled the payments of their debts in March 2018. After settling the debts, the civil court ordered to make the personal data of the data subject unavailable to the public in the public insolvency register. The controller, a credit ranking agency, continued to process and store personal data of the data subject that related to his debt settlement procedure that the controller obtained from the public insolvency register. The purpose of the procesing was to assess the creditworthiness of the data subject and his company. The data subject was the company's sole shareholder. The data subject requested the erasure of his personal data on 4 May 2018, after fulfilling his debt payment plan. The controller did not reply. On 24 October 2018, the data subject lodged a complaint at the Austrian DPA against the controller for the infringement of the right to erasure under Article 17 GDPR. The controller informed the DPA by letter the same day that it would not comply with this request. The DPA dismissed the data protection complaint. The decision does not give detail on why the complaint was dismissed. The data subject appealed this decision at the Federal Administrative Court (Bundesverwaltungsgericht, BVwG). The court dismissed the appeal. The court found that the controller’s processing the personal data in question was necessary, as the purpose of the processing was for making a forecast about the future payment behaviour of the data subject. The court found that the interests of the controller and its third parties outweighed the interests of the data subject The court concluded that the processing of data on historical insolvencies and payment defaults of the data subject was necessary and lawful and that the objections raised by the data subject could not justify his request for erasure. The data subject appealed to the decision before the Austrian Supreme Administrative Co
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Austrian Data Protection Authority in AT
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Austrian Data Protection Authority - Austria (2024). Retrieved from cookiefines.eu
Last updated: