Court case 11 C 157/24 – Court Ruling (Germany, 2025)

The data subject concluded a contract with a telecommunications company (controller) for the provision of telecommunications services . The controller provided the data subject with a leaflet, informing him about the transfer of data regarding the conclusion of the contract (positive data) to credit information agencies. On the same day, the controller transmitted the name, date of birth and address of the data subject as well as the contract number and the date to Schufa, a credit information agency. In the meantime, the data subject was involved in consumer insolvency proceedings, for failing to settle personal loans. The data subject later became aware of the data transfer to Schufa and filed a case before the court of first instance (Regional Court of Singen - AG Singen). He maintained that the transfer was unlawful because he never provided his consent and climed immaterial damages of least €500, under Article 82(1) GDPR. He alleged that due to the data transfer he suffered from anxiety, a sense of loss of control over his data and worried about his creditworthiness, which affected his sleep and therefore his quality of life. The controlled argued that he transmission of positive data to credit information agencies was permissible for reasons of fraud and over-indebtedness prevention and that the data subject was not entitled to any damages. The court rejected the case as unfounded. First, it held that the data subject had no claim for damages arising from Article 82(1) GDPR because the processing of personal data was lawful, under Article 6(1)(f) GDPR. The transfer of the data subject’s contractual data was necessary for reasons of fraud, identity theft and over-indebtedness prevention, thus serving the legitimate interest of the controller. Second, the court ruled that the data subject did not suffer immaterial damage from the data transfer. It pointed out that since he was involved in consumer insolvency proceedings, there were serious doubts that hi