Court case 27 U 2473/24 e – Court Ruling (Germany, 2024)

The controller is a credit rating agency maintaining a database with 68,000,000 Germany-related datasets. The contractual partners of the controller transmit data from their customers to the controller. The controller stores the data it receives from its partners. In turn it calculates and provides its partners with information on which the statistical risk of payment default. The data subject is a craftsman and requested the erasure of an entry on his creditworthiness stored by the controller regarding a debt between €300 and €400 for which payment had been in default for months. The controller rejected the request. Consequently, the data subject filed a lawsuit requesting erasure of the entry based on Article 17 GDPR with the Regional Court of Augsburg (Landesgericht Augsburg - LG Augsburg). The court found the claim to be unfounded as the controller was justified in processing the data under Article 6(1)(f) GDPR. The data subject appealed this decision and brought forward that the controller should have notified the data subject of the data processing through push-notifications. In the Appeals process the Higher Regional Court Munich (Oberlandesgericht München - OLG München) fully upheld the decision of the first instance. It maintained that the interest of the controller for storing the data is not overridden by legitimate interests of the data subject. Even though the debt was eventually settled the information stored by the controller remained suitable for assessing the credit score. The court also agreed with the first instance that even the payment history on small amounts (in the case at hand an amount below €400,00) is appropriate for future risk assessments. Regarding the fact, that the data subject had eventually paid the claim the court agreed with the first instance that even a late payment is relevant for risk predications. The court held that while the controller is obliged to inform the data subject in accordance with Article 13 and 14 GDPR, t