LG Passau - 1 O 64/24
| LG Passau - 1 O 64/24 | |
|---|---|
 | |
| Court: | LG Passau (Germany) |
| Jurisdiction: | Germany |
| Relevant Law: | Article 6(1)(f) GDPR Article 82(1) GDPR |
| Decided: | 19.07.2024 |
| Published: | |
| Parties: | |
| National Case Number/Name: | 1 O 64/24 |
| European Case Law Identifier: | |
| Appeal from: | |
| Appeal to: | |
| Original Language(s): | German |
| Original Source: | Gesetze-Bayern (in German) |
| Initial Contributor: | ao |
A court held that the transmission of data to a credit rating agency was justified due to the legitimate interests of the controller.
English Summary
Facts
The data subject entered into a telecommunications contract with the controller who then informed a credit rating agency about the establishment of the contract and disclosed personal data in connection with the contract.
The data subject claimed that he never consented to the transmission of the data. He elaborated that the controller acted unlawfully as the transmission of the data was not necessary for the performance of the contract nor justified through legitimate interest under Article 6(1)(f) GDPR.
In addition, the data subject claimed appropriate damages as he believed that the transmission of data negatively affected his credit score which caused him persistent existential worries.
The controller argued that the transmission of data is necessary for fraud prevention, prevention of overindebtedness and for the precise prognosis of risk of default. Further, it stated that the transmission in question was indicated to the data subject when entering into the contract and rejected the argument that the data transmitted affected the credit score of the data subject.
Before the claim was filed by the data subject, the credit rating agency had already deleted the data indicating whether a telecommunications contract had been entered into.
Holding
The regional court of Passau (Landesgericht Passau – LG Passau) held that the data transmission was permissible under Article 6(1)(f) GDPR as it was necessary for the legitimate interests of the controller and third parties. The transmission of data was held to be necessary for fraud prevention as it allows for more precise prognosis on overindebtedness and risk of default.
Moreover, due to the narrow scope of the transmitted data the court found that the fundamental rights or freedoms of the data subject did not outweigh the controller’s interests. The court further rejected the data subject’s claim to damages under Article 82(1) GDPR. It found the argument that precisely this transmission of data negatively affected the data subject’s sentiment not credible (especially since his credit score showed a “very low risk” of default).
The data subjects claim was found to be unwarranted and therefore rejected by the court.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the German original. Please refer to the German original for more details.
Title: Transfer of data to credit agencies in telecommunications contracts Chain of standards: GDPR Art. 6 Para. 1f, Art. 82 Para. 1 Guiding principle: The transmission of the information that the plaintiff has concluded a telecommunications contract with the defendant and the contract account number to credit agencies is justified. (Rn. 14) (editorial guiding principle) Keywords: Telecommunications contract, credit agency, transmission, positive data, fraud prevention, risk of over-indebtedness, risk of default, claim for damages Source: BeckRS 2024, 18360 Tenor The action is dismissed. The plaintiff must bear the costs of the legal dispute. The judgment is provisionally enforceable. The plaintiff can avert the defendant's enforcement by providing security in the amount of 110% of the amount enforceable on the basis of the judgment, unless the defendant provides security in the amount of 110% of the amount to be enforced before enforcement. Facts 1 The plaintiff is suing the defendant for damages, injunctive relief, determination and reimbursement of pre-trial costs due to a data protection violation. 2 The defendant provides telecommunications services. The parties have been linked by a telecommunications contract since March 1, 2021. 3 On March 1, 2021, the defendant reported the conclusion of the telecommunications contract with the plaintiff to S. Holding AG and transmitted the service account under the number ... (information from S. Holding AG dated October 8, 2023, Appendix K2). 4 On October 19, 2023, S. Holding AG published a press release (Appendix B2), according to which telecommunications companies and the company itself had decided to delete the information that a contract account exists with a telecommunications company. For 53 percent of people, the score will be lower after deletion, and for 47 percent, higher. 5 In a letter dated October 26, 2023, the plaintiff's legal representatives called on the defendant to pay damages and to cease and desist (Appendix K1). 6 The plaintiff claims that he did not give his consent to the transmission of this data. The transmission of positive data by the defendant was unlawful. It was not necessary for the performance of the contract and was not justified by a legitimate interest. He felt a loss of control and was very worried about his own creditworthiness. To this day, the plaintiff is worried and afraid that his S. score will be falsified. This increases his malaise to sheer existential concern. 7 The plaintiff finally requests, 1. The defendant is ordered to pay the plaintiff compensation for non-material damage in an appropriate amount, the amount of which is left to the court's discretion, but at least EUR 5,000.00 plus interest since the action was brought at a rate of 5 percentage points above the base interest rate. 2. The defendant is ordered to refrain from transmitting positive data of the plaintiff, i.e. personal data that does not contain payment history or other non-contractual behavior, but information about the commissioning, implementation and termination of a contract, to credit agencies, namely S. Holding AG, K.weg ..., W., without the consent of the plaintiff, i.e. in particular not on the basis of Art. 6 Para. 1 lit. f) GDPR to improve the quality of credit ratings or to protect the economic actors involved from credit risks, on pain of a fine of up to EUR 250,000.00 to be set by the court for each case of infringement, or alternatively a term of imprisonment of up to six months to be enforced on its legal representative, or up to two years in the event of a repeat offense. to compensate for non-material damages incurred by the plaintiff as a result of the unauthorized processing of personal data. 4. The defendant is ordered to pay the plaintiff pre-trial legal costs of EUR 713.76. 8 The defendant requests 9 The defendant takes the view that the transmission of the positive data is justified to prevent fraud, to prevent over-indebtedness, for more precise default risk forecasts and for the functionality of the credit agencies. The plaintiff was also informed of the data transmission when the contract was concluded. The defendant denies that the data transmission has any effect on the plaintiff's credit rating. The defendant considers the occurrence of causal damage to be implausible and denies such. 10 The court held oral proceedings on the matter on July 15, 2024 and heard the plaintiff for information. 11 To supplement and complete the facts, reference is made to the written submissions exchanged by the parties and the appendices as well as the minutes of the meeting. Reasons for the decision 12 The admissible action is unfounded. 13 1. The data transfer in dispute is justified under Art. 6 (1) (f) GDPR because it is necessary to protect the legitimate interests of the defendant and third parties and the interests or fundamental rights and freedoms of the plaintiff, which require the protection of personal data, do not outweigh them. 14 The transmission of the information that the plaintiff has concluded a telecommunications contract with the defendant and the contract account number to credit reporting agencies is justified. 15 a) The transmission and further processing of the positive data is necessary to prevent fraud. This makes it possible, for example, to determine whether a person is concluding a large number of telecommunications contracts with fraudulent intent, for example in order to obtain the hardware provided by the providers. Since the negative data is only recorded over time, transmitting it is not sufficient for preventive purposes. Applications to conclude a contract using false personal details can also be identified if there is no entry for this in the credit agency, although this would be expected due to the person's age. 16 b) The transmission and recording of positive data also makes it possible to predict the risk of over-indebtedness and the risk of default more accurately. This is because the recording of positive data makes it easier to put any negative data in relation to the total volume of transactions with credit risk concluded by the same person. 17 c) The data transmission in question here is so minimal that there are no legitimate interests of the plaintiff that would outweigh the aforementioned legitimate interests. 18 d) Due to the legality of the data transmission, the plaintiff is not entitled to any claims for damages or injunctive relief. The application for a declaratory judgment is also unfounded. The same applies to the additional claims asserted. 19 2. A claim for damages under Art. 82 Para. 1 GDPR also fails due to the existence of damage. After hearing the plaintiff for information, the court does not consider it credible that he claims to have been noticeably affected in any way by the data transfer. The information provided by S. Holding AG for the plaintiff (Appendix K2) contains a large number of entries. It is incomprehensible that the entry in question here should bother the plaintiff. According to the information, the plaintiff's base score was 98.21% as of July 1, 2023. The most recent information sent to a bank on August 20, 2023 was rated "very low risk". In this respect, too, the plaintiff's claims of feeling unwell or losing control are not credible for the court. 20 The action was therefore dismissed as unfounded. 21 1. The decision on costs is based on Section 91 of the Code of Civil Procedure. 22 2. Provisional enforceability arises from Sections 708 No. 11, 711 ZPO. 23 3. The determination of the value in dispute is based on Sections 39 Para. 1, 43 Para. 1, 48 Para. 1 Sentence 1 GKG, 3 ZPO.
