Court case 27 U 2473/24 e – Court Ruling (Germany, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A German court upheld a credit rating agency's decision to keep a craftsman's debt information in its database, even after the debt was paid. The court ruled that the agency had a legitimate reason to retain the data for risk assessment. This case shows that even small debts can impact credit scores and that companies must balance data retention with user rights.
What happened
The court ruled that a credit rating agency could keep a craftsman's debt information for risk assessment purposes.
Who was affected
The craftsman whose creditworthiness was affected by the debt entry stored by the credit rating agency.
What the authority found
The court found that the credit rating agency was justified in processing the debt information under legitimate interests, despite the debt being settled.
Why this matters
This case illustrates that companies can retain certain data for legitimate business purposes, even after debts are paid. Small business owners should be aware of how their financial history can affect their credit ratings.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The controller is a credit rating agency maintaining a database with 68,000,000 Germany-related datasets. The contractual partners of the controller transmit data from their customers to the controller. The controller stores the data it receives from its partners. In turn it calculates and provides its partners with information on which the statistical risk of payment default. The data subject is a craftsman and requested the erasure of an entry on his creditworthiness stored by the controller regarding a debt between €300 and €400 for which payment had been in default for months. The controller rejected the request. Consequently, the data subject filed a lawsuit requesting erasure of the entry based on Article 17 GDPR with the Regional Court of Augsburg (Landesgericht Augsburg - LG Augsburg). The court found the claim to be unfounded as the controller was justified in processing the data under Article 6(1)(f) GDPR. The data subject appealed this decision and brought forward that the controller should have notified the data subject of the data processing through push-notifications. In the Appeals process the Higher Regional Court Munich (Oberlandesgericht München - OLG München) fully upheld the decision of the first instance. It maintained that the interest of the controller for storing the data is not overridden by legitimate interests of the data subject. Even though the debt was eventually settled the information stored by the controller remained suitable for assessing the credit score. The court also agreed with the first instance that even the payment history on small amounts (in the case at hand an amount below €400,00) is appropriate for future risk assessments. Regarding the fact, that the data subject had eventually paid the claim the court agreed with the first instance that even a late payment is relevant for risk predications. The court held that while the controller is obliged to inform the data subject in accordance with Article 13 and 14 GDPR, t
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Court case 27 U 2473/24 e in DE
This is the only recorded case for this entity in this jurisdiction.
Details
Ruling Date
19 November 2024
Authority
DPA LGAugsburg
About this data
Cite as: Cookie Fines. Court case 27 U 2473/24 e - Germany (2024). Retrieved from cookiefines.eu
Last updated: