Data Subject versus Telecommunications Company – Court Ruling (Germany, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
In 2021, the data subject concluded a postpaid telecommunications contract with a telecommunications provider (controller), which included a discounted purchase of an expensive mobile phone . The controller transferred the data regarding the registration of the data subjects’ mobile phone contract to SCHUFA, a German credit reference agency. The data are considered “positive data” (i.e. non-adverse contractual information). In September 2023, the contract was terminated. In October 2023, SCHUFA deleted the data about the data subject. The data subject brought legal proceedings against the controller before the court of first instance. They argued that the controller transmitted his data unlawfully as the transmission had occurred without their explicit consent and did not qualify for any other lawful basis under Article 6 GDPR. They also asserted that the controller had not adequately informed them of the transmission. The data subject requested the following relief from the court: a. Non-material damages due to the transfer of their contract data to SCHUFA. b. An injunction preventing future transmission of positive data to SCHUFA. c. A declaratory finding of liability for damages under Article 82 GDPR. d. Reimbursement of legal expenses under GDPR as immaterial damages. They also sought to refer the matter to the CJEU for clarification. The court of first instance rejected the data subject’s claim. In 2024, the data subject appealed the decision before the court of appeal (Oberlandesgericht Koblenz-OLG Koblenz). The court ruled the claim to be wholly unfounded. First, the court decided that the controller lawfully transmitted the data subject’s data to SCHUFA. The controller pursued the legitimate interest of fraud prevention and ensuring creditworthiness assessments (Article 6(1)(f) GDPR), serving the socio-economic interests of the telecommunications industry. More specifically, the court stated that the rights of the data subject at this case ‘
GDPR Articles Cited
In 2021, the data subject concluded a postpaid telecommunications contract with a telecommunications provider (controller), which included a discounted purchase of an expensive mobile phone . The controller transferred the data regarding the registration of the data subjects’ mobile phone contract to SCHUFA, a German credit reference agency. The data are considered “positive data” (i.e. non-adverse contractual information). In September 2023, the contract was terminated. In October 2023, SCHUFA deleted the data about the data subject. The data subject brought legal proceedings against the controller before the court of first instance. They argued that the controller transmitted his data unlawfully as the transmission had occurred without their explicit consent and did not qualify for any other lawful basis under Article 6 GDPR. They also asserted that the controller had not adequately informed them of the transmission. The data subject requested the following relief from the court: a. Non-material damages due to the transfer of their contract data to SCHUFA. b. An injunction preventing future transmission of positive data to SCHUFA. c. A declaratory finding of liability for damages under Article 82 GDPR. d. Reimbursement of legal expenses under GDPR as immaterial damages. They also sought to refer the matter to the CJEU for clarification. The court of first instance rejected the data subject’s claim. In 2024, the data subject appealed the decision before the court of appeal (Oberlandesgericht Koblenz-OLG Koblenz). The court ruled the claim to be wholly unfounded. First, the court decided that the controller lawfully transmitted the data subject’s data to SCHUFA. The controller pursued the legitimate interest of fraud prevention and ensuring creditworthiness assessments (Article 6(1)(f) GDPR), serving the socio-economic interests of the telecommunications industry. More specifically, the court stated that the rights of the data subject at this case ‘
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Violations (1)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Related Cases (0)
No other cases found for Data Subject versus Telecommunications Company in DE
This is the only recorded case for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Legal Person
2023 · Úřad pro ochranu osobních údajů
Ramona Films, S.L.
2022 · Agencia Española de Protección de Datos
CNIL
2019 · Court of Justice of the European Union
Minister for Legal Protection
2022 · DPA RbOverijssel
ANSPDCP
2025 · Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal
Details
About this data
Cite as: Cookie Fines. Data Subject versus Telecommunications Company - Germany (2025). Retrieved from cookiefines.eu
Last updated: