Court case 19 U 1468/25 e – Court Ruling (Germany, 2025)

The data subject filed a lawsuit with the Munich Regional Court against the controller, a credit information agency. The data subject claimed to have suffered damages due to automated decision-making carried out by the controller, more specifically receiving rejections due to his credit score when renting an apartment and applying for car financing. The Court dismissed the case on the grounds that no violation of Article 22 GDPR was found, and did not award damages because a GDPR breach is a pre-requisite for awarding damages under Article 82. The data subject then filed for an appeal with the Munich Higher Regional Court, asking, among other things, for a declaration of illegality of credit scoring based on automated processing, compensation for immaterial damages, and specific information on score calculation under Article 15(1)(h). The court noticed the parties that it intends to dismiss the data subject’s appeal in full. The court could not produce a declaration of illegality of credit scoring based on automated processing. It reasoned that the mere creation of a score does not constitute a legal decision under Article 22. Also, the rejections faced by the data subject were not exclusively, if at all, based on the credit scoring, but on other factors. Thus, there is no demonstrable link between the scoring and the rejections. For Article 22 to apply, three cumulative conditions have to apply: a) the presence of a decision b) the decision must be solely based on automated processing including profiling c) the decision produces legal effects or similar impact on the data subject According to the court, the creation of a score cannot amount to a legal effect or similarly impactful effect concerning the data subject. Moreover, the data subject could not sufficiently prove that the data processing resulting in the credit assessment had a meaningful weight on the decisions of third parties. Thus, Article 22 GDPR cannot be applicable. The data subject, i