Court case 13 U 11/24 – Court Ruling (Germany, 2025)

The case concerns the transmission of a data subject's personal data by Barclays bank (the controller) to a credit rating agency (Schufa). The controller had wrongly notified Schufa about a financial claim of €4,405 existing against the data subject which in fact did not exist. After that, a different bank cancelled the data subject’s private overdraft facility forcing it to refinance €18,000 at short notice. The court of first instance had granted material damages for the additional interest the data subject had to pay for the refinancing credit, however the main subject of the appeal was non-material damages. The court found, that the controller had violated its obligations under Articles 5 and 6 GDPR by notifying Schufa about a claim that does not actually exist against the data subject. It also found, that in line with BGH, VI ZR 10/24 the notification constituted a loss of control which put the data subject into a bad light in itself constituting a non-material damage. Moreover, the court held, that the transmission inflicted an organisational burden by forcing the data subject to quickly refinance a substantial amount of money after the cancellation of the overdraft facility based on the negative entry and to pursue the clearing of such entry. The court found the amount of €2,500 appropriate to compensate those damages pursuant to Article 82 GDPR, taking account in particular the sensitive nature of wrong debt notifications. Those, the court held, could seriously damage the economic capacity of the data subject and forced the data subject to disclose its financial situation to new potential creditors.