Court case 3 C 29/23 – Court Ruling (Germany, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A German court ruled that an insurance company must provide a policyholder with information about their premium adjustments. The court found that the company did not fully communicate the reasons for these changes, which is required by law. This decision emphasizes the importance of transparency in insurance practices.
What happened
The court held that the insurance company must disclose details about premium adjustments to the policyholder.
Who was affected
The policyholder of the insurance company who requested information about their premium changes.
What the authority found
The court decided that the insurance company was required to provide information under Article 15(1) of GDPR, affirming the policyholder's right to access their personal data.
Why this matters
This ruling highlights the strong right to information under GDPR, encouraging companies to be transparent about changes that affect their customers. It serves as a reminder for businesses to ensure they communicate clearly with their clients.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The data subject, a holder of an insurance policy of an insurance company (the controller), sued after the controller adjusted the premium amounts of their policy. The data subject claimed the adjustments were not fully communicated in accordance with the German Insurance Contract Act ([https://www.gesetze-im-internet.de/vvg_2008/ Versicherungsvertragsgesetz] - VVG), which mandates that reasons for premium changes be disclosed, including whether they are temporary or permanent. The contract between the data subject and the controller had been in place for several years, with premium adjustments occurring over time. The data subject argued that the controller did not provide adequate information about these adjustments. They also sought access to personal data related to their insurance policy under Article 15 GDPR, including details of premium adjustments, tariff changes, and policy terminations. The controller denied the request, asserting that the necessary information had already been provided. The court held that the data subject's claim for information under Article 15(1) GDPR was justified. The personal data in question, relating to the data subject’s insurance relationship, were considered personal data as per Article 4(1) GDPR. The controller was required to provide information on the processing of these personal data, which included the time and amount of premium adjustments, tariff changes, and tariff terminations. The court rejected the controller’s argument that the data subject's request was abusive according to Article 12(5)(b) GDPR. It emphasized that the GDPR grants a very strong right to information, aimed at ensuring transparency and data sovereignty. The data subject’s request was not deemed excessive, as it sought data related to his own contractual relationship and indicated that he no longer had access to the information. The court affirmed that the controller could not deny the request based on the data subject's potential economic intere
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Court case 3 C 29/23 in DE
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Court case 3 C 29/23 - Germany (2024). Retrieved from cookiefines.eu
Last updated: