Court case 4 U 120/24 e – Court Ruling (Germany, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A German court ruled that a telecom provider legally shared a customer's data with a credit agency to prevent fraud. The court found that the provider had a valid reason for this action, which is important for protecting businesses from fraudulent activities. This case highlights the balance between data sharing and privacy rights.
What happened
The telecom provider disclosed a customer's data to SCHUFA Holding AG to prevent fraud.
Who was affected
The customer whose personal data was shared with the credit agency.
What the authority found
The court decided that the telecom provider had a legitimate interest in preventing fraud, fulfilling the legal requirements for data processing.
Why this matters
This ruling shows that companies can share data to prevent fraud, as long as they have a valid reason. Businesses should ensure they understand the legal grounds for sharing personal data.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
A telecom provider (the controller) concluded a contract with a customer (the data subject). Afterwards, the controller forwarded the subject's data to the credit information agency SCHUFA Holding AG. The disclosure of the data was based on the controller's interest in preventing fraud.
The data subject brought an action before the Regional Court of Würzburg. He claimed that the disclosure of his data was unlawful. He therefore sought compensation for non-material damages under Article 82 GDPR, injunctive relief, and a declaration that the controller would be liable for all future material and non-material damages caused by the disclosure. The Regional Court of Würzburg dismissed the requests. The data subject then appealed the ruling to the Higher Regional Court of Bamberg.
The Court dismissed the request and held that the controller lawfully disclosed the data to Schufa. In its analysis of the controller's legitimate interest, the Court referred to the three requirements laid out by the case law of the Court of Justice (CJEU, Case C-252/21, Meta Platform and Others, 4 August 2023, margins 105 and following, available at https://curia.europa.eu/juris/document/document.jsf?text=&docid=276478&pageIndex=0&doclang=EN&mode=req&dir=&occ=first&part=1&cid=60751) and held that they were fulfilled in the case at hand.
First, the Court held that the controller had a real and legitimate interest in avoiding fraud. In this regard, the Court pointed out that many individuals conclude a large number of phone plans in a short time, without paying for those plans, in order to keep the phones that come with them. Credit information agencies such as the controller can help telecom providers avoid such frauds. Furthermore, the Court pointed out that Recital 47 GDPR lists fraud prevention as an example of a legitimate interest of the data controller.
Then, the Court held that the processing of the data was necessary to prevent fraud. In the Court's view, it was not apparent that less
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Details
Ruling Date
5 May 2025
Authority
DPA LG Würzburg
About this data
Cite as: Cookie Fines. Court case 4 U 120/24 e - Germany (2025). Retrieved from cookiefines.eu