Lawyer (controller) – Court Ruling (Austria, 2026)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The controller, a lawyer, attempted to recover an unpaid legal fee from a data subject. He held the data subject’s personal data, including name, date of birth, and address, from the earlier legal proceedings. After the payment order, the data subject changed her surname and moved to Germany without informing the controller of these changes. On 11 August 2025, the controller contacted the data subject at her new address and requested the outstanding payment. The data subject replied on 23 August 2025 and asked where the controller had obtained her address, arguing that failing to provide this information would violate Article 14 GDPR. On 29 August 2025, the controller responded that he had obtained the address in the course of his professional activity and could not disclose details due to his duty of professional secrecy.

On the same day, the data subject filed a complaint with the Austrian DPA. She alleged violations of Article 14(2)(f) GDPR, the principles of processing under Article 5(1)(b) GDPR, the lawfulness requirement under Article 6 GDPR, and her right to erasure under Article 17 GDPR. The data subject claimed she would not pay until these procedures were concluded. On 20 October 2025, the DPA refused to deal with the complaint under Article 57(4) GDPR, as it considered the complaint unfounded and abusive because it served only to delay or obstruct the enforcement of the debt.

The data subject appealed this decision to the court. First, the court confirmed that supervisory authorities may refuse to act on complaints that are manifestly unfounded or abusive under Article 57(4) GDPR. It referred to the case law of the CJEU, which clarifies that the concept of an “application” in Article 57(4) GDPR also covers complaints under Article 77 GDPR. Second, the court assessed whether the complaint pursued a legitimate data protection objective. It found that the data subject used the complaint primarily to delay or prevent the enforcement of the controller’s
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
This is the only recorded case for this entity in this jurisdiction.
About this data
Cite as: Cookie Fines. Lawyer (controller) - Austria (2026). Retrieved from cookiefines.eu