Court case W252 2307842-1 – Court Ruling (Austria, 2025)

A data subject filed twenty data-protection complaints between April 2021 and August 2024 against twelve different controllers, alleging violations of the GDPR rights to access, confidentiality, erasure, rectification, and restriction of processing. These complaints were submitted as free-form email attachments rather than using the authority’s structured form, and they consistently contained accusatory, hostile, and often insulting language toward the controllers and toward the Austrian Data Protection Authority (DSB). In many of the complaints, the data subject claimed that access requests had been ignored or incompletely answered, that deletion requests were not fulfilled, or that data had been unlawfully processed or disclosed. Also, the data subject frequently used derogatory expressions combined the GDPR allegations with extensive personal attacks, and repeatedly demanded “as high penalties as possible.” The DSB refused to process the complaints, arguing that the complaints were excessive, abusive, and not genuinely aimed at protecting GDPR rights. The data subject further appealed this refusal to the Federal Administrative Court (BVwG). The court dismissed the complaint and held that the DSB lawfully refused to process the twenty complaints under Article 57(4) GDPR on the ground that they constituted excessive and abusive requests. The Court emphasized that, under CJEU case law, supervisory authorities may refuse to act when complaints are objectively abusive, particularly when the data subject’s dominant intent is unrelated to GDPR-protected purposes. Although a mere quantity of complaints cannot be the sole basis for refusal, the data subject’s pattern, combined with clearly retaliatory and hostile motives, satisfied the requirement of proving misuse. The Court found that the data subject used GDPR procedures as a means of personal confrontation, not to vindicate data-protection rights, and thus his conduct fell squarely within “excessive” and “abusive”