Court case 2 R 192/24h – Court Ruling (Austria, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A court in Austria ruled that an online casino must provide a user with access to their personal data after initially refusing the request. This is important because it reinforces users' rights to access their information, which all businesses must respect. Companies should be prepared to fulfill data access requests promptly and correctly.
What happened
The court ordered an online casino to provide a user with access to their personal data after they initially refused the request.
Who was affected
The user who set up an account and lost money on the online casino's website was affected.
What the authority found
The court decided that the online casino could not deny the user's access request based on an invalid claim about the power of attorney.
Why this matters
This ruling emphasizes the obligation of companies to comply with data access requests. Businesses should ensure they have clear processes for handling such requests.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
The data controller is an online casino-game provider. The data subject set up an account, deposited money and lost it on the website. On 23rd May 2024, the data subject submitted (through his representative) an access request with the controller requesting access to their personal data, and specifically, all deposits and withdrawals and the stakes, wins and losses made on his account. The access request was made through the data subject’s representative, and included an electronically signed power of attorney and a copy of the data subject’s ID. On 26th May 2024, the controller refused the applicant’s request, asking for a handwritten power of attorney signed by the plaintiff in ink. The data subject did not respond to the controller’s response and filed the present action on 5th July 2024 with the Regional Court of Klagenfurt. The data subject sought that the controller be compelled to provide a digital copy of the data requested. On August 1st 2024, the controller sent further communication to the data subject’s representative and, in light of having received notice of the claim filed, deemed there to be a legally valid power of attorney within the meaning of Section 8 RAO and provided the information requested by the data subject on 23rd May. On 9th October, the data subject, having received the requested information, limited the scope of their filing to request only reimbursement of the costs incurred in the court proceeding. The trial court ruled that the controller could not rely on § 45 ZPO, an Austrian Civil Procedure provision which requires plaintiffs in a proceeding to bear the costs of such proceeding where the cause of action is not attributable to the action of the defendant and the defendant immediately acknowledges the claim in action. The controller had argued that this provision should apply as the power of attorney received in May 2024 was invalid. The trial judge ordered the controller to reimburse the data subject for their legal costs, to the
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Court case 2 R 192/24h in AT
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Court case 2 R 192/24h - Austria (2024). Retrieved from cookiefines.eu
Last updated: