Court case Ra 2023/04/0271 – Court Ruling (Austria, 2025)

A data subject lodged a data protection complaint against a credit information agency (the controller) with the Austrian Data Protection Authority (DSB). The data subject requested access under Article 15 GDPR to understand how his personal data were processed, specifically regarding the calculation of his creditworthiness score, including the logic, factors, and rules applied. At that time, the controller maintained two datasets about him: one as a private individual and one as a sole trader. Following a prior deletion request by the data subject, the controller deleted certain data related to his previous debt settlement proceedings. Regarding the controller's response to the access request, the data subject argued that provided information was inadequate.He claimed that he was entitled to a full explanation of how the score was generated and how the underlying data influenced it. The DSB initially sided with the data subject, finding that the controller violated Article 15 GDPR by deleting one dataset after the access request and providing insufficient information on the remaining dataset. The DSB ordered the controller to clarify and supplement the information provided. The controller further appealed to the Federal Administrative Court (BVwG), which overturned the DSB’s decision. It found that the deletion of the dataset had been at the request of the data subject, and therefore did not constitute a violation. Regarding the second dataset, the court held that the access provided was sufficient because the creditworthiness score value of 0.01 was a manually assigned neutral baseline, not a result of an automated decision or profiling. Consequently, no automated decision-making under Article 22 GDPR occurred, and the data subject received adequate information about the sources, parameters, and general methodology for future creditworthiness assessments. The data subject then filed an extraordinary revision with the Administrative Supreme Court (VwGH) . The S