Court case 14 K 870/22 – Court Ruling (Germany, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A court ruled that a municipality improperly shared a civil servant's health information when it sent out a job offer mentioning his potential early retirement. This matters because it shows that companies must protect sensitive health data and not disclose it without a valid reason. The court awarded the civil servant €2,500 for the violation.
What happened
The municipality disclosed a civil servant's health information in a job offer without a valid legal basis.
Who was affected
The civil servant whose health information was disclosed inappropriately.
What the authority found
The court found that the municipality violated GDPR by disclosing health data without a valid legal basis.
Why this matters
This ruling highlights the importance of safeguarding sensitive health information and sets a precedent for holding organizations accountable for unauthorized disclosures. Companies should review their data handling practices to ensure compliance.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
The data subject is a civil servant that works at a municipality (the controller). In 2017, the data subject had a stroke that led to a longer sick leave of the data subject. Following a medical examination by the public medical officer, the controller decided to attempt to transfer the data subject to early retirement in September 2018. This attempt ultimately failed, as the data subject successfully challenged the early retirement before the Administrative Court Stuttgart (Verwaltungsgericht Stuttgart – VG Stuttgart) in November 2021 therefore remaining a civil servant. However, on 5 July 2018 the controller had already sent out a job offer to about 80 staff members. It included the information that the previous staff member (the data subject) was about to be transferred to early retirement due to his incapacity to work. On 16 February 2022, the data subject sued the controller for €20,000 in damages before the VG Stuttgart due to the disclosure of his health information and claiming that the transfer of the his file to the municipality’s lawyer was also illegal. The court found that the lawsuit was admissible and belonged before the administrative court, even though [https://www.gesetze-im-internet.de/gg/art_34.html Article 34 Basic Law (Grundgesetz – GG)] assigns all claims of official liability to the civil courts. The VG Stuttgart argued that Article 82 GDPR was not an official liability claim. The court awarded the data subject €2,500 in non-material damages. The court held that there was a violation of Article 9(1) GDPR due to the disclosure of the alleged disability for service in the job offer the controller had sent out. This was health data under Article 4(15) GDPR, because the inability to work was due to the health status. The wording “previous office-bearer” made the data subject identifiable. The disclosure was neither necessary under Article 9(2)(b) nor (f) GDPR. The court also found that the data subject had suffered a non-material damage. The da
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Court case 14 K 870/22 in DE
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Court case 14 K 870/22 - Germany (2024). Retrieved from cookiefines.eu
Last updated: