Apple Distribution International Ltd. – Court Ruling (Austria, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
On December 7 2021, the data subject initiated court proceedings against Apple Distribution International Ltd. (controller) on the grounds that they failed to comply with their access request. The data subject requested, in particular, access to the specific recipients of their data, the contents of any disclosures or transmissions of their data, the storage period for their or criteria for determining it, and specific information under Article 15(2) GDPR. In response to the access request, the controller included some files which were incomplete and incomprehensible to the data subject. Furthermore, information about advertising placements were not provided and the data subject was not informed about which of the data subject’s data was fed into the advertising algorithm. Finally, the data subject was given complex data structures and records containing links which could not be decrypted. The controller denied the claim and argued that they had fully complied with the data subject’s access request. The controller argued that they do not keep detailed records documenting which specific personal data was disclosed to different recipients or processors and stated that their retention periods are determined with reference to the purposes for each processing activity. The controller also acknowledged that they make third country transfers via standard contractual clauses, despite the data subject not having been given any information on these in response to their access request. An expert witness attested to the fact that some of the data provided was incomplete, that the controller had further data relating to the data subject, and noted that some of the structures of the data provided were so convoluted that he himself could not decipher them. The Court accepted the evidence provided by the expert witness and ruled that the controller had violated the data subject’s right of access. The Court regarded the violation as “serious” in nature. The court ordered the con
GDPR Articles Cited
On December 7 2021, the data subject initiated court proceedings against Apple Distribution International Ltd. (controller) on the grounds that they failed to comply with their access request. The data subject requested, in particular, access to the specific recipients of their data, the contents of any disclosures or transmissions of their data, the storage period for their or criteria for determining it, and specific information under Article 15(2) GDPR. In response to the access request, the controller included some files which were incomplete and incomprehensible to the data subject. Furthermore, information about advertising placements were not provided and the data subject was not informed about which of the data subject’s data was fed into the advertising algorithm. Finally, the data subject was given complex data structures and records containing links which could not be decrypted. The controller denied the claim and argued that they had fully complied with the data subject’s access request. The controller argued that they do not keep detailed records documenting which specific personal data was disclosed to different recipients or processors and stated that their retention periods are determined with reference to the purposes for each processing activity. The controller also acknowledged that they make third country transfers via standard contractual clauses, despite the data subject not having been given any information on these in response to their access request. An expert witness attested to the fact that some of the data provided was incomplete, that the controller had further data relating to the data subject, and noted that some of the structures of the data provided were so convoluted that he himself could not decipher them. The Court accepted the evidence provided by the expert witness and ruled that the controller had violated the data subject’s right of access. The Court regarded the violation as “serious” in nature. The court ordered the con
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Apple Distribution International Ltd. in AT
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Apple Distribution International Ltd. - Austria (2025). Retrieved from cookiefines.eu
Last updated: