Court case W298 2296144-1 – Court Ruling (Austria, 2025)

The controller is a credit information agency that collects information from different sources to calculate an individual’s creditworthiness. This information is accessed by third parties. The controller contractually obliges its contractual partners (such as debt collection agencies) to inform it (as a credit information agency) about payment defaults of data subjects. The debt collection agency informed the data subject of the transfer of their data to the controller in 2020, and since then, the controller stored entries on the payment history data of the data subject. The payments were later settled and the entries reflected this. However, the controller refused to delete them when the data subject requested their erasure. The data subject argued that their economic progress was impaired as a result, and brought a complaint to the DPA. The controller argued that the processed data was still necessary for credit checking purposes. The DPA upheld the complaint in June 2024, and stated that the controller had violated the data subject’s right to erasure. Furthermore, the controller was not permitted to store payment history data beyond its settlement, and was required to delete the entries. According to the DPA, further processing of the data was unnecessary, because the claims had already been settled in full. The controller appealed the decision to the Federal Administrative Court, arguing that this payment history was necessary to calculate reliable information about an individual’s creditworthiness. The Court first stated that the controller could only rely on legitimate interests (Article 6(1)(f) GDPR) as a valid legal basis for processing, meaning national law (such as Section 152 of the Industrial Code) or other legal bases under Article 6(1) GDPR were not valid. The Court then examined the case law on balancing the legal interests of data subjects and credit information agencies. Jurisprudence of the Court and the Administrative Court have consistent