Court case 1 K 6024/20 – Court Ruling (Germany, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A German court ruled that an insurance company was right to report a customer for potential fraud after they used the same photos for multiple claims. The court found the company had a legitimate interest in protecting against fraud. This decision supports businesses in taking steps to prevent fraudulent activities.
What happened
The court upheld an insurance company's decision to report a customer for potential fraud due to repeated use of identical photos in claims.
Who was affected
An insurance policyholder who submitted multiple claims using the same photos for storm damage.
What the authority found
The court ruled that the insurance company had a legitimate interest in reporting potential fraud, justifying its actions under GDPR.
Why this matters
This ruling supports businesses in using personal data to protect against fraud, reinforcing the balance between individual rights and legitimate business interests.
GDPR Articles Cited
The data subject held a property insurance policy with a controller, insuring against storm damage. The controller is a member of the Association of the German Insurance Industry and reports to the Insurance Industry's Reference and Information System.
On 15 March 2019, the data subject submitted eight photos claiming storm damage to his property, and the controller compensated the €2,840 in claimed damage. Subsequently, on 17 December 2019, 3 February 2020, and 1 March 2020, the data subject filed additional claims using the same photos. The controller refused payment for these claims, canceled the insurance policy, and reported the data subject to informa HIS GmbH, operator of the Insurance Industry's Reference and Information System, indicating "anomalies in the claim process."
The data subject filed a complaint with the DE-HE DPA, which transferred it to the DE-BW DPA as lead authority for the customer's insurance. The DE-BW DPA ordered the controller to delete the entry in the Insurance Industry's Reference and Information System, arguing that the controller lacked a legitimate interest under Article 6(1)(f) GDPR.
The VG Stuttgart overturned the DE-BW DPA's decision, stating that the controller had a legitimate interest under Article 6(1)(f) GDPR in reporting the anomalies to the Insurance Industry's Reference and Information System. The court emphasized that the legitimate interest does not require an actual fraud attempt, only that fraud-related anomalies exist according to the guidelines of the Insurance Industry's Reference and Information System.
The court held that the data subject's insurance company was entitled to assess and manage risks based on potential fraudulent behavior. The repeated use of identical photos for separate claims indicated a significant probability of fraud, justifying the controller's actions. Further, the data subject's rights did not outweigh the insurance company's legitimate interests. First, the court held that the controller’s processin
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Cite as: Cookie Fines. Court case 1 K 6024/20 - Germany (2023). Retrieved from cookiefines.eu