Private Individual – Court Ruling (Germany, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A private individual challenged a debt collection company's failure to remove a negative credit entry after settling a debt. This ruling is significant because it reinforces the rights of individuals to have their data corrected when agreements are made. Companies must ensure they follow through on data removal requests.
What happened
The court ruled that the debt collection company did not fulfill its obligation to delete a registered claim after a settlement was reached.
Who was affected
The individual who had a debt with the bank and was affected by the negative credit entry.
What the authority found
The Administrative Court upheld the individual's appeal, stating that the debt collection company failed to comply with the request for data deletion.
Why this matters
This case highlights the importance of companies adhering to data correction requests. It serves as a reminder for businesses to ensure they promptly address data removal requests to comply with privacy regulations.
GDPR Articles Cited
National Law Articles
Controller (company B) is a company that collects debts. The data subject had a contractual relationship with a bank (company A), since they had a credit card account at this bank. The data subject experienced payment difficulties in 2017, which resulted in debt. Ultimately, this led company A to commission company B with the collection of the accumulated debt. Although it remained disputed between the parties whether the data subject and company B concluded a payment arrangement to pay off the debt, the data subject then paid instalment fees to company B to resolve the whole debt. However, company B still registered a claim for €1,546 with SCHUFA Holding AG. This is a credit reference agency that registers debt so that other companies can assess a customer's creditworthiness. The data subject then brought the action before the Regional Court of Lüneburg (Case number 3 O 143/20), in which the data subject and company A concluded a settlement, in which company A promised to have the registered claim of €1,546 removed from the database of SCHUFA Holding AG, pursuant to Article 17(1)(a) GDPR. Company B then contacted the SCHUFA Holding AG to have the claim removed, but the latter did not fulfil the request for deletion. On 10 February 2021, the data subject filed a complaint with the Hessian DPA. The DPA, however, rejected the complaint because it did not see a violation of the GDPR. Consequently, it held that there was no possibility of obliging SCHUFA Holding AG to delete the entry. It was assumed that an agreement on payment in instalments had not been concluded, even if the data subject had behaved in this way. The data subject appealed against this decision before the Administrative Court of Wiesbaden. The Administrative Court of Wiesbaden upheld the appeal. First, the Court considered that the Hessian DPA is the competent supervisory authority pursuant to Article 64(1)(a) GDPR, and that the Court is competent to hear the disputes pursuant to Section 20(1) a
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Private Individual in DE
This is the only recorded case for this entity in this jurisdiction.
Details
Ruling Date
27 September 2021
Authority
DPA VGWiesbaden
Enforcement Tracker ID
ETid-1275
GDPRhub ID
gdprhub-court-4434About this data
Cite as: Cookie Fines. Private Individual - Germany (2021). Retrieved from cookiefines.eu
Last updated: