LG München I - 33 O 5976/22: Difference between revisions

From GDPRhub
No edit summary
 
Line 7: Line 7:
|Court_Original_Name=Landgericht München I
|Court_Original_Name=Landgericht München I
|Court_English_Name=Regional Court Munich I
|Court_English_Name=Regional Court Munich I
|Court_With_Country=LG München I (Germany)
|Court_With_Country=LG München (Germany)


|Case_Number_Name=33 O 5976/22
|Case_Number_Name=33 O 5976/22
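Review bot: the Court_With_Country line is the only field that differs between the two sides, and the value without the "I" ("LG München (Germany)") no longer matches Court_Original_Name "Landgericht München I" and Court_English_Name "Regional Court Munich I" in the same hunk, nor the page title "LG München I - 33 O 5976/22". Keep "LG München I (Germany)" so the three court fields stay consistent, or state the reason for the shortening in the edit summary.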

Latest revision as of 11:40, 4 October 2023

LG München I - 33 O 5976/22
Court: LG München (Germany)
Jurisdiction: Germany
Relevant Law: Article 6(1)(b) GDPR
Article 6(1)(f) GDPR
Article 80(2) GDPR
Decided: 25.04.2023
Published:
Parties:
National Case Number/Name: 33 O 5976/22
European Case Law Identifier:
Appeal from:
Appeal to: Unknown
Original Language(s): German
Original Source: LG München (in German)
Initial Contributor: mg

A German court held that disclosing data to a credit ranking agency, even when it concerns “positive” information about the data subject, is unlawful under the GDPR if not based on consent.

English Summary

Facts

The controller was a telecommunication company. In its contracts with the customers, the controller informed the latter that personal data, including “positive data”, could be transferred to the credit ranking agency SCHUFA. The controller and SCHUFA were in a mutually advantageous relationship: the former got reliable information to check potential customers’ creditworthiness, the latter improved its scoring system.

According to the plaintiff, a consumer association, such data sharing violated Articles 5(1)(a) and 6 GDPR, as neither contract nor legitimate interest could be used as a legal basis for the transmission of data to SCHUFA. Therefore, the consumer association asked a court to stop the disclosure of so-called “positive data” to SCHUFA. "Positive data" here means personal data that do not show any negligence by the data subject in the performance of the underlying contract with the telecommunication company.

In response to the legal claim, the controller raised several points. Firstly, the association did not have legal standing, as it represented consumers and not data subjects. Secondly, the controller argued that Article 80(2) GDPR did not apply to the case at issue, as no concrete violation of the GDPR with regard to a specific data subject was alleged by the association. The association complained of an abstract violation as a consequence of the controller’s privacy policy. On the merits, the controller stated that the disclosure of personal data to SCHUFA was subject to strict and clear requirements. Data processing was covered both by Article 6(1)(b) and (f) GDPR, as it was necessary to perform telecommunication contracts, and prevention of credit risks and fraud was a legitimate interest of the controller and society at large. Thanks to the disclosure the consumers also improved their SCHUFA “score” through positive data points.

Holding

From the outset, the court clarified that the GDPR aims to protect the data subject’s fundamental rights not only as a citizen, but also as a consumer. Moreover, Article 80(2) GDPR enables the representation of data subjects by an association whenever processing activities can affect identified or identifiable persons, which is the case in the dispute at hand. Therefore, the consumer association had legal standing pursuant to Article 80(2) GDPR.

On the merits, the court found that the disclosure of “positive data” to the credit ranking agency was unlawful. On the one hand, processing could not be based on Article 6(1)(b) GDPR, as the disclosure was not necessary for the performance of the telecommunication contract. Concerning Article 6(1)(f) GDPR, the court acknowledged that both the controller and SCHUFA might have legitimate interests in the processing. However, the controller did not choose a necessary and proportionate measure to achieve its goals, but only the most efficient measure.

First, the court stressed how less intrusive means existed to reach the same results: the controller could e.g. reduce credit risks by means of a sound customer assessment without systematically disclosing all its customers’ data to a third party. SCHUFA’s interest in the improvement of its score systems through positive data could be achieved by less intrusive means as well, especially by asking for the data subject's consent.

Second, the processing disproportionately affected the rights and interests of data subjects. The disclosure was too broad and not limited to specific kinds of contracts. Importantly, the data subject should not be forced to disclose personal information to gain potential advantages that are only indirect and in the future (such as a better SCHUFA “score”). In other words, the data subject should not be forced to share their “positive data” on the sole basis that SCHUFA may perform a negative evaluation due to the lack of positive data points about them. As a matter of fact, nothing shall be derived from the mere lack of information. Therefore, the fact that disclosure may positively affect the data subject in the future did not constitute a legal basis pursuant to Article 6 GDPR.

Comment

In the present judgement there seems to be a tension between the principle of accuracy (Article 5(1)(d) GDPR) and the principle of data minimisation (Article 5(1)(c) GDPR). In particular, the court prioritises the latter over the former. Interestingly, the explanation of such a conclusion lies in the fact that, according to the judges, no negative assessment should be derived from the mere lack of information about a certain data subject. This statement, acceptable in theory, is difficult to implement in practice, where "negative data" provided by credit ranking agencies are regularly used by banks and insurance companies when deciding to enter into contractual relationships with consumers. A partial solution for this issue is nevertheless offered by the statement that "positive information" can - and shall - be transmitted on the basis of the data subject's consent.


English Machine Translation of the Decision

The decision below is a machine translation of the German original. Please refer to the German original for more details.

Final judgement




I. The defendant shall be convicted, one by one by the court for each in the event of an infringement, a fine to be set up to EUR 250,000, alternatively detention for up to six months, or orderly detention of up to six months, the latter to be carried out their manager, to refrain from doing business actions towards consumers

      after the conclusion of a telecommunications contract, so-called positive data, i.e. personal data that is not negative payment experiences or other non-contractual behavior content, but information about the application, execution and termination of a contract represent credit agencies, namely SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, as in Appendix K 3 under the heading "Creation of a service account (SCHUFA)" described.

Facts



The plaintiff is making claims for injunctive relief against the defendant under unfair competition law as well as a pre-court warning fee.

The plaintiff is a legal association and as a qualified entity within the meaning of § 4 UKlaG registered.

The defendant is a telecommunications company operating under various brands, e.g. the brands "o2", "blau" and "Telefónica", offers mobile communications services.

In the respective data protection notices of "o2", "blau" and "Telefónica" (Annex K 1 to K 3), of which the reference from "o2" (Annex K 1) only applies to business customers, the defendant is named as responsible.

In the data protection notice of "Telefónica" under the heading "Creation of a service account (SCHUFA)" the following clause:



        “We are submitting to protect market participants bad debts and risks personal data about the application, admission and termination of the telecommunications contract (name, address, date of birth, information about the completion of this telecommunications contract, reference to the contract) to the SCHUFA, if the contracts result in a sufficient relevance (Art. 6 Para. 1 f) GDPR). [...]”


The defendant transmitted so-called positive data to SCHUFA after the conclusion of the contract.


The plaintiff instructed the defendant by letter dated January 25, 2022 to refrain from the action to claim 1. evident acts and to submit a punitive injunctive relief requested (Annex K 4). This was from the defendant rejected (Annex K 5).

The plaintiff believes that he is entitled to sue under UKlaG and § 8 Para. 3 No. 3 UWG. He is not obliged to protect consumer data protection law as others consumer-protecting legal provisions explicitly in its statutes mention. From the plaintiff's statutes it is clear that his primary purpose of the association is to protect and strengthen consumer interests. For this reason, according to Section 2.2 lit. c), it is part of the plaintiff's association statutes his duties, violations of competition law, general terms and conditions and other provisions serving to protect consumers. Regardless of this, the plaintiff undisputedly has data protection in its statutes dated September 21, 2022 (Annex K 9).


Certain requirements of data protection law, in particular the rights of data subjects according to Art. 12 GDPR, cannot be exclusively regarded as data protection rights qualify, but would also have to be recognized as consumer protection rights find. The enforcement of data protection law is not exclusively the responsibility of the competent data protection authorities. Art. 80 GDPR expressly recognizes that instruments of class actions and constitutional complaints for effective enforcement of data protection law (ECJ GRUR 2022, 920 - App-Zentrum). According to § 2 para. 2 sentence 1 No. 11 UKlaG, there are also such standards consumer protection, the permissibility of collection and processing of a consumer's personal data by a company, among others for the purpose of operating a credit agency, the creation of personality and user profiles, other data trading or comparable commercial purposes regulated.

If you read the wording of Section 2 Paragraph 2 Sentence 1 No. 11 lit. b) UKlaG carefully evident that the expressly stated purposes, such as the operation of a credit reporting, not necessarily by the company that originally provided the data collected from the consumer would have to be implemented themselves. Even if the view should be taken that the wording of the standard should be narrower is understandable, and the defendant directly realizes the stated purposes himself would have to, the requirements of § 2 para. 2 sentence 1 No. 11 UKlaG are present fulfilled. Because the defendant collects and uses positive data in order to commercialize it purposes, namely using them with credit reporting agencies and via them with other telecommunications service providers for scoring purposes to exchange comparable commercial purposes.

The complaint number 1 lit. a) is - contrary to the opinion of the defendant - not in regarding the term of using positive data too vague, the term will be determined by the further description in the application.

The claim for injunctive relief asserted in Section 1 lit. a) follows from Section 2 Paragraph 1 Sentence 1, Paragraph 2 Sentence 1 No. 11 lit. b) in conjunction with § 3 para. 1 no. 1, 4 UKlaG as well as from § 3a in conjunction with Section 8 Paragraph 1 Paragraph 3 No. 3 UWG.


The transmission of so-called positive data to credit agencies by the defendant is data processing within the meaning of Art. 4 No. 2 GDPR. You don't succeed based on a legally recognized legal basis and thus constitute a violation against the principle of legality under data protection law in accordance with Art. 6 Para. 1 and Article 5 Paragraph 1 Letter a) GDPR, which consumer protection and are market behavior regulations.

The data processing is not covered by Art. 6 (1) sentence 1 lit. b) GDPR because customers also enter into contracts without the transmission of positive data to credit bureaus could complete.

The data processing is also not covered by Art. 6 (1) sentence 1 lit. f) GDPR, because the defendant has no legitimate interest in the transmission of positive data credit bureaus exist, which protect the interests of those affected in the protection of their data prevails. This assessment is in accordance with the decisions of the Conference of the independent federal and state data protection authorities 06/11/2018 and 09/22/2021.

According to its data protection information, the defendant can use positive data independently of the specific value of the individually assigned within the framework of a mobile phone contract transmit the hardware provided. Anyway, go out privacy policy of the defendant, which the data subject through the defendant communicated, does not clearly state that a certain value threshold or a certain contract period is decisive for the transmission of the positive data. Fraud prevention is not a legitimate interest; in this respect positive data are out from the defendant's point of view, they may be particularly practical, but they are not mandatory necessary. By sending positive data to the credit bureaus, for example identity cannot be verified.



Nor is there any interest on the part of consumers. This can only be deducted from if a negative conclusion follows from the lack of data, although no conclusions are drawn from the lack of data should. With regard to the possible broader possibility of concluding a contract take into account that the defendant also received positive data from existing customers and not only transmitted by new customers.

With regard to an interest of SCHUFA, the plaintiff points out that the company the SCHUFA does not have to be set if the transmission of positive data would be limited to cases with consent. The relevant statements of defendants only concern the justification of the existence of credit agencies as such.

There is also a lack of necessity. So it is already not clear why none consent could be obtained or the service concept of the defendant could not can be adjusted. In this respect, the defendant chooses the most effective one, but not the one required action. There are also doubts about the suitability of the data transmission: a transmission after the conclusion of the contract does not have the effect described by the defendant.

Ultimately, the interests of the consumer outweigh a data transfer to decide for yourself. An expectation of those affected in relation to a such data transmission cannot be assumed. The reference to the in this respect, the right of withdrawal of those affected represents circular reasoning. The defendant last but not least, I have the option of express (and voluntary) consent to ask the person concerned. Due to the already existing communication with the customer upon conclusion of the contract, it would be easy for the defendant corresponding positive data not unsolicited on the basis of a balance of interests to pass on, but to rely on the consent of the person concerned, which then would have to be queried.



The plaintiff points out that, to the extent that the defendant for justification purposes the "Rules of Conduct for the Review and Deletion Periods of Personal Data by the German credit agencies" of May 25, 2018 (Annex B 11) and from their approval by the North Rhine-Westphalian data protection supervisory authority a general legitimation of the disputed transmission of positive data to credit bureaus would like to derive the rules of conduct deal exclusively with the question of test and deletion periods and did not address the question of the legal basis on which the credit bureaus positive data should be transmitted at all.

The plaintiff goes on to say that the application for an injunction, number 1 lit. b), follows from §§ 1, 3 para. 1 No. 1 UKlaG in conjunction with § 307 Section 1, 2 No. 1 BGB in conjunction with Article 5 Paragraph 1 Letter a) and Article 6 Paragraph 1 GDPR. The objected clauses are terms and conditions that the requirement of legality and the principle of transparency in accordance with Article 5 (1) (a) and Art. 6 GDPR.

The under item 9 of the data protection information sheet for the brands "o2", "blau" and "Telefónica" formulated conditions constituted unlawful generalities terms and conditions within the meaning of § 305 Paragraph 1 Clause 1 BGB, because they violated against the data protection principles of lawfulness and the transparency according to Article 5 Paragraph 1 Clause a), Article 6 GDPR. It will be with those affected gives the impression that the transmission of the data in question is necessary prerequisite for the initiation or implementation of the contractual relationships. It will be standardized in Article 5 Paragraph 1 Letter a) and Article 6 Paragraph 1 Clause 1 GDPR principle of the lawfulness of the data processing deviated and in this respect the clause with the main ideas of this legislation not compatible, because the defendant is able to transmit positive data credit agencies and thus the subject of the aforementioned clauses not in to legitimize the necessary extent by a legal basis.

The complaint number 2. (reimbursement of costs) follows from § 5 UKlaG in conjunction with § 13 paragraph 3 UWG.

In the oral hearing on March 14, 2023 (cf. page 220/222 of the file), the plaintiff's representative reworded the claim number 1 lit. a).


The plaintiff finally requests:



The defendant is convicted

   1. It is to be determined in order to avoid a for each case of infringement fine of up to 250,000.00 €, alternatively, up to six arrests months, or orderly detention up to six months to enforce at their directors to refrain from doing business in the future actions towards consumers

      a. after conclusion of a telecommunications contract positive data, i.e. personal data that is not negative payment experiences or anything else that is not in accordance with the contract behavior to have content, but information about the applying for, executing and terminating a contract represent, to credit agencies, namely the SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, how in Appendix K 3 under the heading “Creation of a service account (SCHUFA)”.

      b. the following clauses with the same content within the framework of use privacy notices for mobile devices:

         “We are submitting to protect market participants bad debts and risks personal data about the application, admission and termination of the telecommunications contract (name, address, date of birth, information about the conclusion of this telecommunications contract, reference to the contract) to SCHUFA if this is indicated the contracts are of sufficient relevance (Art. 6 Para. 1 f) GDPR).”

   2. EUR 260.00 (including 19% sales tax) plus interest to the plaintiff of five percentage points above the base rate from the day after pendency to pay.



The defendant requests:


      dismissal.


The defendant submits that until September 1st, 2022 they can only do so under narrow conditions and only sent so-called positive data to SCHUFA and this until clarification exposed to the legal situation.

As part of a notification (of positive data) to the SCHUFA only identity data (name, address, date of birth) and data on the "whether" of the existence of a telecommunications contract reported. Specifically, it was about it to data on the application, admission and termination of a telecommunications contract (information about the conclusion of this telecommunications contract, reference to the contract). Have more data not submitted by the defendant. In particular, they have no information on concrete content of the contract, such as the amount of the monthly installments or the other contractual conditions. You don't have any information about either regularity of the payments, the extent of the liabilities or about the payment behavior transmitted by customers.

Registration is only possible under narrow, clearly defined conditions. Only information on continuing obligations (so-called postpaid contracts) which showed an increased risk and the following requirements met: Initial term of 12 months and more credit character (e.g. hardware financing) and a basic fee of higher than 100 euros and the person concerned is a contract holder (cf. Appendix B 4 - Clause 5.2 of the General Terms and Conditions of SCHUFA).

Consequently, the data only affect the social sphere of those affected and only the time of beginning and end of a contractual relationship with the customer. It there is no monitoring of the payment behavior of customers and the data do not affect any intimate or private area of life. An "unreasonable transfer" so-called "positive data" to "credit agencies" does not take place.


The defendant claims that the plaintiff is not entitled to sue because the complaint is specific individual cases not covered by the purpose of the statute. The UKlaG grant the authorized bodies (§ 3 UKlaG) in the event of violations of consumer protection regulations (§ 2 Para. 1 Sentence 1 UKlaG) the possibility to sue. However, the plaintiff alleges violations of the GDPR here, so he will not as a "consumer advocate" but as a "data protector". The regulations of GDPR does not constitute any consumer protection laws within the meaning of Section 2 (1) sentence 1 UKlaG. The statute only provides that the plaintiff in violations of “competition law, general terms and conditions law and other consumer protection applicable statutory provisions” (see Section 2.2 c) of the Articles of Association, Annex B 1).

Furthermore, the defendant's data protection leaflets are not general terms and conditions, but mere information documents. They served to provide information from Art. 13 and 14 GDPR and are therefore mandatory.

However, the fulfillment of these data protection information obligations unfolds for taken as such, no contractual regulatory effect between the parties. That the plaintiff these data protection violations in competition law (§ 3a UWG) or AGB law (§ 307 BGB), change nothing in this assessment, because the plaintiff justify these violations in turn exclusively with violations of the data protection law.

Section 8 (3) No. 3 UWG also does not give consumer protection associations the right to do so power to generally prosecute all data breaches. The regulations of GDPR can only be enforced via the enforcement regime of the UWG if the relevant regulations market conduct regulations within the meaning of § 3a UWG would be what for the data protection regulations at issue here case be.

With regard to application number 1 lit. b), it should also be noted that Article 80 (2) GDPR for national law only legal standing for cases where “the rights of a data subject is injured under this Regulation as a result of processing have been” justify, in the application number 1 lit. b) the plaintiff makes a abstract review of the data protection leaflets based on the general terms and conditions law.

With regard to application number 1 lit. b), there is also a lack of a need for legal protection. The plaintiff's goal that the defendant refrain from transmitting positive data, could not be reached with the complaint number 1 lit. b).



The application number 1 lit. a) is - in this respect the defendant referred to the original version of the complaint from the complaint of May 23, 2022 (page 2/3 of the file) - too indefinite, since the claim for injunctive relief refers to terms whose significance between the parties is disputed (BGH GRUR 2021, 758 para. 16; BGH GRUR 2015, 1228 para. 26), namely the term “positive data”. Also regarding the use of the term “particularly” raises doubts about certainty. Inadmissible is also the - finally in the oral hearing of the plaintiff 14.03.2023 (page 221 of the file) dropped - legal reservation "unless these data transmission is based on a legal basis recognized under data protection law, such as the consent of the person concerned, legitimized.".

According to the defendant, the claim number 1 lit. a) is also in the new version of 03/14/2023 contradictory and too far (cf. in this respect brief of March 28, 2023, p. 223/236 of the file).

The defendant goes on to say that the following applies with regard to the transmission of data distinguish: The processing for the creditworthiness and identity check potential contract conclusions is permissible. To the extent covered by the complaint be, be this one too far. The transmission of data about non-contractual behaviour ("negative data") takes place in accordance with Section 31 (2) BDSG and is not the subject the lawsuit. The subject of the dispute is the transmission of so-called "positive data" to create “Service Accounts”.

The transmission of this data is permissible according to Art. 6 (1) sentence 1 lit. b) GDPR, because the processing is carried out to carry out pre-contractual measures request of the person concerned and is necessary for this purpose.



In the event of a dispute, the transmission is also in accordance with Article 6 (1) sentence 1 lit. f) GDPR allowed. There are various legitimate interests on the part of the defendant, the SCHUFA as well as the general public and customers. Regarding the defendant if there was a legitimate economic interest in doing so, qualified obtain information about their potential customers so that they can assess their creditworthiness and assess fraud risks. The data are intended to reduce credit risk, for fraud prevention and early customer loyalty. On pages SCHUFA is interested in considering that the business model of credit agencies on the most comprehensive possible processing of the data those affected are based on the principle of reciprocity, and in this respect they are legitimate economic interest in offering, processing and communicating positive data have. With regard to the overall economic interest, it should be taken into account that fraud can be effectively prevented by the transmission of positive data could. It would thus be possible to reduce default risks, and with higher ones adoption rates make poorer consumers more financially inclusive. For those affected are of interest about more favorable contract conditions, because - about through a better weighting of negative entries - their score improved will, as well as protection against over-indebtedness and the possibility of taking out initial contracts.

The data processing is necessary in relation to these interests, because there are no alternative, equally effective but less intrusive measures. The defendant, the SCHUFA, the other participants in economic life and in particular, the data subjects themselves are dependent on this additional data, which went beyond negative entries. Because only on the basis of complete data could credit bureaus their trust-protecting and trust-building function fulfil. Reporting negative data is not enough to avoid credit risks curb, positive data would provide a much more accurate picture. The registration is on that required amount limited.

There are no overriding opposing interests. It's not one serious intervention. The transmission also corresponds to expectations of those affected. There are maximum storage periods and those affected also decreed with information, objection and deletion rights options for intervention. In addition, § 31 BDSG results in the relevant legislative will.

The decisions of the data protection conference to which the plaintiff refers have no legally binding effect. They also didn't contain any pan-European consideration and no statement on the purpose of fraud prevention. On the other hand, the "rules of conduct for the testing and deletion periods of personal data by the German credit agencies" from May 25, 2018 (Annex B 11) by the North Rhine-Westphalian data protection supervisory authority has been approved, which is legitimation the disputed transmission of positive data.


A claim for injunctive relief pursuant to Item 1 lit. b) of the application is not justified. It the data protection leaflets are independent information documents. They served to fulfill the information obligation from Art. 13 and 14 GDPR and are therefore mandatory. The fulfillment however, data protection information obligations do not in themselves develop contractual regulatory effect between the parties. On the contrary, "inform" the defendant in the data protection notices also about data processing "before submitting a contract offer", i.e. before a contract is concluded.

That a document that provides information about data processing prior to the conclusion of a contract represents a general terms and conditions is conceptually excluded. General terms and conditions would only take effect if they were at conclusion of the contract would be included (§ 305 Para. 1 BGB). For this however, no approval is obtained from leaflets.

If the plaintiff believes that the defendant's data protection information is decision of the KG (judgment of December 27th, 2018, file no. 23 U 196/13) as general terms and conditions qualify, this is incorrect. According to this decision, the decisive factor is whether the objective recipient is given the impression that a contractual relationship is established or formed. However, that is not the case here the case.

The Federal Commissioner for Data Protection and Freedom of Information (BfDI) according to § 12a sentence 1 i. 11 UKlaG in conjunction with § 9 BDSG am involved in the proceedings and issued a statement on February 21, 2023 (page 191/194 of the file) delivered.

On April 21, 2023 (page 238/243 of the file) an unresolved brief by the defendant representative dated April 21, 2023 received by the court.

Incidentally, with regard to the comprehensive presentation of the parties on their written pleadings and attachments as well as the minutes of the oral hearing dated March 14, 2023 (page 220/222 of the file).

Reasons for the decision




The admissible action of the plaintiff (hereinafter: A.) is with regard to application for injunctive relief number 1 lit. a). (hereinafter B.I.) and the request for payment a warning costs flat rate number 2. (hereinafter B. III.). Regarding of the application for injunctive relief, number 1 lit. b), the action is unfounded and therefore was to be rejected (hereinafter B. II.).

A.

The lawsuit is admissible, in particular the plaintiff is authorized to conduct litigation. Also are the lawsuits in the most recent version sufficiently determined.


   I. The plaintiff is authorized to conduct litigation in accordance with §§ 3 Paragraph 1 Sentence 1 No. 1, 4 UKlaG in conjunction with § 2 Para. 2 sentence 1 No. 11 UKlaG (on the dual nature in the case of associations, cf. Köhler/Feddersen, in: Köhler/Bornkamm/Feddersen, UWG, 41st edition, § 8, para. 3.9).



          1. With regard to application number 1 lit. a), the standing of the plaintiff, a consumer protection association entered in the list of qualified institutions according to § 4 UKlaG, follows from § 2 para. 2 sentence 1 no. 11 UKlaG in conjunction with Art. 5 and 6 GDPR.


             a. The plaintiff's task under its statutes is consumer protection. Data protection law is, at least in part, consumer protection law.


                 aa. According to § 2 paragraph 2 sentence 1 no. 11 UKlaG, the consumer protection laws within the meaning of § 2 UKlaG also include the provisions governing the admissibility of the collection, processing or use of consumers' personal data (“Consumer Data”) if these acts are carried out for commercial purposes. In principle, this covers all data protection provisions applicable domestically (Köhler, in: Köhler/Bornkamm/Feddersen, 40th edition, UKlaG, § 2 para. 17).


bb. This also covers the provisions of Art. 5 and 6 GDPR. Admittedly, some doubted that the GDPR can be a consumer protection law within the meaning of Section 2 (2) sentence 1 no. 11 UKlaG, since it appeared questionable whether the existing dynamic reference also covers future provisions of Union law such as the GDPR and, moreover, whether the GDPR is meant to protect not the collective interests of consumers but (only) the fundamental rights and freedoms of citizens (Köhler, in: Köhler/Bornkamm/Feddersen, 40th edition, UKlaG § 2 para. 29, 29 a, 29 b; on the state of opinion with further references: BGH GRUR 2020, 896 - App-Zentrum).


   With regard to consumer protection organizations, the ECJ initially resolved the dispute by deciding that Articles 20 to 24 of Directive 95/46/EC are to be interpreted as not precluding a national regulation that allows associations for the protection of consumer interests to bring an action against the alleged infringer of provisions on the protection of personal data (ECJ GRUR 2019, 977 – Fashion ID). However, this decision concerned Directive 95/46/EC, which was repealed by Art. 94 Para. 1 GDPR.



   On a reference from the BGH (BGH GRUR 2020, 896 - App-Zentrum), the ECJ finally decided that Art. 80 (2) GDPR is to be interpreted to the effect that consumer associations can, on the basis of Section 2 (2) sentence 1 no. 11 GDPR, take action against GDPR violations in accordance with Art. 80 Para. 2 GDPR, provided that the data processing in question violates the rights of identified or identifiable natural persons under this regulation (ECJ GRUR-RS 2022, 8637 para. 67 et seq. – Meta Platforms Ireland/Bundesverband).



   Precisely this is to be affirmed in the present dispute, because the defendant collects and uses positive data of identified and identifiable consumers, namely its contractual partners. The data is also used for commercial purposes, namely for the creation of a profile (“Service Account”) or for other data trading with a credit agency within the meaning of Section 2 (2) sentence 1 No. 11 UKlaG. The defendant also transmits the data in order to exchange data with other telecommunications service providers via the credit agency for scoring purposes.



cc. This result is not called into question by the renewed reference to the ECJ made by the decision of the Federal Court of Justice dated 10.11.2022 (Az. I ZR 186/17 - App-Zentrum). In the present dispute, unlike in the preliminary ruling proceedings, the question at issue is not whether an infringement "as a result of processing" within the meaning of Art. 80 para. 2 GDPR exists if the information obligations arising from Art. 12 para. 1 sentence 1, Art. 13 para. 1 letter c) and e) GDPR have been violated. Rather, the question at issue in the present proceedings is whether so-called positive data may be passed on by the defendant to a credit agency on the basis of Art. 6 GDPR.


dd. The counter-exception in § 2 para. 2 sentence 2 UKlaG, according to which there is no "comparable" commercial purpose within the meaning of § 2 para. 2 sentence 1 No. 11 UKlaG if a consumer's personal data is collected, processed or used by an entrepreneur "exclusively for the establishment, implementation or termination of a legal transaction or an obligation similar to a legal transaction with the consumer", likewise leads to no other result, because the processing in dispute is precisely not legitimized by Article 6 Paragraph 1 Subparagraph 1 Sentence 1 lit. b) GDPR (cf. below: B. I. 3. a)).


       ee. As a result, the action is covered in the specific case by the plaintiff's purpose under its statutes, because the plaintiff is acting as a consumer advocate in the area of data protection law; application number 1. lit. a) is accordingly also restricted to business dealings with consumers.


          The fact that data protection was not explicitly mentioned in the plaintiff's statutes until the amendment to the Articles of Association of September 21, 2022 (Annex K 9) does not stand in the way of the plaintiff's authority to conduct litigation. The plaintiff is not obliged to mention consumer-protecting data protection law, any more than other consumer protection provisions, explicitly in its statutes (ECJ GRUR-RS 2022, 8637 – Meta Platforms Ireland/Bundesverband; BGH GRUR 2012, 415 paragraphs 16 and 17 - supra-regional standing).



2. With regard to application number 1. lit. b), the authority to conduct litigation follows from §§ 3 para. 1 No. 1, 4 UKlaG in conjunction with § 1 UKlaG in conjunction with § 307 BGB. Whether the defendant's data protection information sheets actually constitute general terms and conditions is a question of the merits (cf. below B. II.).



3. The question of whether there is authority to conduct litigation pursuant to Section 8 (3) No. 3 UWG and whether the provisions of the GDPR are market conduct rules according to § 3a UWG therefore requires no decision.

   II. The plaintiff's applications in their most recent version dated March 14, 2023 are sufficiently specific, Section 253 Paragraph 2 No. 2 ZPO.

       After the plaintiff dropped the legal reservation in the most recent version of application number 1. lit. a), this no longer had to be decided. The term "positive data", which the plaintiff still uses in the most recent version of the application, is not objectionable in the present dispute. In detail:



       1. An application for injunctive relief must not be so vague that the subject matter of the dispute and the scope of the court's power of review and decision (§ 308 Para. 1 ZPO) are not recognizably delimited, the defendant therefore cannot defend itself exhaustively, and the decision about what the defendant is prohibited from doing is ultimately left to the enforcement court. However, an application wording that requires interpretation can be accepted if further specification is not possible and the chosen wording is necessary to grant effective legal protection (BGH GRUR 2017, 422 - ARD-Buffet, with further references). Nor is it fundamentally inadmissible to use terms in the application that require interpretation. The requirements for specifying the subject matter of the dispute in an application for injunctive relief also depend on the particularities of the respective subject area (cf. BGH GRUR 2002, 1088 - bonus bundle).


       2. According to these principles, the applications are sufficiently specific. In application number 1. lit. a), the term "positive data" is clearly defined by the addition "i.e. personal data whose content is not negative payment experiences or other non-contractual behavior, but information about the application for, execution and termination of a contract". The application is further specified by the fact that the specific act of infringement has been incorporated into the application by reference to Annex K 3. This makes it unequivocally recognizable in which characteristics of the challenged conduct the basis and the starting point for the possible data protection violation, and thus for the injunction, are to lie.



       3. Nor is the application contradictory insofar as it contains the words "Information about application, implementation (...)", even if the defendant should not in fact transmit such data after conclusion of the contract, but only within the framework of the creditworthiness and identity query.

          What matters in the present dispute is that a corresponding transfer can take place on the basis of the defendant's provisions, and that the provision used by the defendant is not limited in the way in which, according to the defendant, the transfer is carried out in practice.


III. The administrative procedure via the Federal Commissioner for Data Protection and Freedom of Information does not take precedence over the proceedings before the civil court.

       Regardless of the possibilities of administrative enforcement of public-law obligations of conduct, the plaintiff has a need for legal protection in pursuing its rights before the civil courts. Civil law protection for competitors and the administrative enforcement of public-law obligations of conduct in principle exist independently side by side (cf. BGH, GRUR 2019, 298/300 - Uber Black II).



       In the present dispute, too, § 12a sentence 1 in conjunction with § 2 Para. 2 Sentence 1 No. 11 UKlaG in conjunction with § 9 BDSG expressly provides for the participation of the administrative authority in the civil proceedings. Accordingly, the Federal Commissioner for Data Protection and Freedom of Information is involved in the civil proceedings without the civil court being bound by its legal opinion (BGH GRUR 2006, 82 - Reinforced steel; Köhler, in: Köhler/Bornkamm/Feddersen, UWG, 39th ed., § 3a, para. 1.44).


          Market conduct can no longer be objected to under fair competition law only if it has been expressly permitted by an administrative act of the competent authority and the administrative act is not void (BGH GRUR 2014, 405 - breath test II).



          Contrary to the defendant's view, no such conclusion can be drawn from the lack of a complaint by the Federal Commissioner for Data Protection and Freedom of Information. Nor is choosing the (possibly) easiest and fastest way required by jurisprudence.



   IV. Finally, the defendant does not succeed with its argument that the plaintiff has no need for legal protection in relation to application number 1. lit. b) because the plaintiff is aiming at the cessation of the transmission of positive data, which cannot be achieved with that application. Even taking the statement of claim into consideration, application number 1. lit. b) is not directed at obtaining the cessation of the transmission of positive data (the plaintiff pursues this with application number 1. lit. a)), but at obtaining the cessation of the use of the disputed clause. In relation to this request, however, the plaintiff does have an (admitted) need for legal protection.





                                         B.


I. Pursuant to §§ 3 Paragraph 1 No. 1, 4 UKlaG in conjunction with §§ 2 Paragraph 1 sentence 1, paragraph 2 sentence 1 No. 11 lit. b) UKlaG in conjunction with Art. 5, 6 GDPR, the plaintiff can demand that the defendant refrain, after the conclusion of a telecommunications contract, from transferring positive data to credit reporting agencies, i.e. personal data whose content is not negative payment experiences or other non-contractual behavior, but information about the application for, implementation and termination of a contract.


1. The plaintiff has standing to sue. The standing of the plaintiff as a consumer protection association entered in the list of qualified institutions according to § 4 UKlaG results from §§ 3 paragraph 1 sentence 1 number 1, 4 paragraph 1 UKlaG. The GDPR is also a consumer protection provision within the meaning of Section 2 Para. 1 sentence 1 no. 11 UKlaG (cf. Köhler, in: Köhler/Bornkamm/Feddersen, UWG, 39th edition, § 2 UKlaG, para. 30 c). Reference is made to the remarks on the authority to conduct litigation (cf. A. I. above).



2. The defendant has passive legitimacy. The transmission of personal data is data processing in accordance with Art. 4 No. 2 GDPR. As a telecommunications company that processes personal data wholly or partly by automated means (see Art. 2 GDPR) in the European Union, the defendant is the controller according to Art. 4 No. 7, 5 Para. 1, Para. 2 GDPR.


3. The disputed transfer of personal data (cf. Appendix K 3) constitutes a violation of Art. 5, 6 GDPR.

       According to Art. 6 Para. 1 GDPR, processing is only lawful if at least one of the conditions set out in Art. 6 GDPR is met. This is not the case here. The transmission of the so-called positive data to credit bureaus after the conclusion of the contract, as in the present dispute to SCHUFA (cf. Appendix K3), takes place without a legal basis.


       a. The data processing is not covered by Article 6 Paragraph 1 Sentence 1 Letter b) GDPR, because the defendant can conclude contracts with customers without transmitting positive data to credit bureaus, and this data transmission is not necessary for the performance of the contract or for carrying out pre-contractual measures.

          This is already evident from the fact that, even after the defendant suspended the objected data transmission until the legal position is clarified, corresponding contracts are concluded and settled.


   The contractual relationship does not stand or fall with the transmission of positive data to credit bureaus.

   Insofar as concluding such a contract is simply less risky with the transfer of positive data, this does not establish that such a transmission is necessary in the legal sense.


b. The data processing is also not covered by Art. 6 (1) sentence 1 lit. f) GDPR, since the interests of those affected in the protection of their data, and their fundamental rights, outweigh the defendant's interests in transmitting the positive data to the credit agency.

aa. The Chamber bases the balancing to be carried out under Article 6 Paragraph 1 Sentence 1 Letter f) GDPR on the assumption that various interests in principle also speak in favor of the transmission of so-called positive data.


      Chief among these, from the point of view of the defendant as controller within the meaning of Art. 6 Para. 1 Sentence 1 lit. f) GDPR, is the fraud prevention it emphasizes and the associated avoidance of damage in the tens of millions, which is to be achieved, among other things, through an identity check based on the positive data or through the prevention of identity theft by comparison with positive data.

      It can also be assumed that reporting the corresponding data, or exchanging it via the credit agency, contributes to reducing the defendant's credit and default risk and to early customer loyalty and a higher closing rate (because of increased acceptance rates).



      A macroeconomic interest of general and special prevention in preventing and combating fraud, an interest in better financial inclusion of financially weaker consumers and also in improved opportunities to conclude contracts are likewise assumed.

      The same applies to the economic interests of third parties, here the credit agency, whose business model is based on the registration of data on a reciprocal basis, as well as to the functionality of credit bureaus and the accuracy of scores.



      The interests of those affected that the defendant cites, such as more favorable contract terms through an improvement of their score value, the possibility of better weighting of negative entries, protection against over-indebtedness and an (extended) opportunity to conclude initial contracts, can likewise be assumed to exist for the purposes of the assessment to be made.



bb. To what extent the reporting of positive data is actually suitable as a means of safeguarding the interests mentioned can be left open in the present dispute, because by transmitting the positive data the defendant in any case does not choose the necessary and proportionate means of protecting these interests, but rather the method that is most effective from its point of view. This is not permissible.

      The defendant overlooks the fact that the registration of positive data, as described in Annex K 3 under the heading "Creation of a service account (SCHUFA)", is not necessary, in the sense of the mildest means, to protect all of the interests it has named and which are assumed here to exist (see (1) below).

      Furthermore, it overlooks the fact that conflicting interests, fundamental rights and freedoms of the persons concerned clearly outweigh the interests it has named (see (2) below).



(1) At least in relation to some of the interests pursued, there are milder means than the disputed registration of the positive data, i.e. means that have the same effectiveness without a comparable encroachment on the interests, fundamental rights and fundamental freedoms of the persons concerned.


   For example, with a view to improving closing rates, increasing the chances of concluding an initial contract, and early customer loyalty, an adjustment of the defendant's service concept, e.g. through contract models with lower credit risks or hiring more (qualified) staff for customer acquisition, customer care and customer rating, is a milder means that is equally effective with regard to the aim pursued. New service concepts without increased credit risk and (personnel-)intensive acquisition with higher control thresholds are also, in relation to the aim of protecting the individual from over-indebtedness and reducing credit and default risk, a milder means than the registration, without cause, of positive data from all customers.


   With regard to the interest in better inclusion of financially weaker consumers or in generally more favorable tariffs (which may result from effective fraud prevention), there is, for example, the possibility of calculating new tariff models or saving costs elsewhere.


   As far as any (negative) conclusions from contextless negative data or non-existent data, and the consumer's possible "chance" of improving his score through the presence of positive data, are concerned, it is a milder means, also in view of the not very comprehensive collection of data, not to draw negative conclusions from non-existent data.



   Finally, the credit bureaus' interest in the positive data, with regard to improving their score calculation and also as a basis for their business model, could be based on personal data provided with consent.


(2) Irrespective of any milder means, the defendant misjudges, in relation to the entirety of the interests it has named, and also with regard to the fundamentally legitimate interest of general and special prevention in combating fraud, protecting against identity theft and, through protection from crime, reducing damage in the tens of millions, the intensity of the interference resulting from the general authorization to report positive data on the basis of the clause it uses, and the weight of the protected interests of the consumers affected by the registration, which as a result makes the disputed data transmission disproportionate.


   (a) First of all, with regard to the depth of the interference, it should be noted that the defendant's data protection notices, as communicated to the data subjects by the defendant (cf. Annex K 3), contain no “limitation” of the transfer to the effect that a certain value threshold or a certain contract period is decisive for the transmission of the positive data.

       Nor do they exclude the registration of information about the "application" for and "implementation" of a contract. It is true that the data is only transmitted after conclusion of the contract; however, it does not follow from the clause that after conclusion of the contract only data on the "termination" of the contract is transmitted.


Under the disputed clause, the authorization, and thus also the interference, is granted as a lump sum and without restriction to a specific type of contract. “Information about the application, implementation" is also explicitly mentioned.

The interference thus goes much further than the defendant's weighing decision, which it made with reference to a restriction.


Accordingly, the defendant's objection that a transfer of data to prevent fraud may be admissible in individual cases, and that the application is too broad in this regard, fails.

What is in dispute, also with a view to a possibly admissible data transmission for fraud prevention, are the defendant's rights resulting from the clause it uses (which may go beyond fraud prevention). The clause, or any rights of the defendant to data transmission established by this clause, are, as the specific act of infringement, the subject of the application, which is limited to that extent.



The defendant itself recognizes that the rights established by the disputed clause are not identical with a transmission of data for fraud prevention purposes that may be admissible in individual cases, and that the rights established by the clause at issue may go further than a transfer to prevent fraud, because it names, as a possible administrative measure to be taken by the BfDI, an “express restriction to fraud prevention purposes” (cf. margin number 16 of the post-hearing pleading of March 28, 2023, sheet 227 of the file).


(b) In its balancing, in particular in listing any legitimate interests of those affected, the defendant overlooks the fact that consumer interests lie not only in favorable contracts, increased market opportunities, protection against identity theft or protection against over-indebtedness, etc., but also and especially in the absence of impairments of their own rights.


   In the present dispute, the particular intensity of the impairment, and thus conversely also the weight of the consumer's affected interests, lies in the fact that the person affected must disclose personal information regardless of any specific contractual requirement and of the specifically concluded contract (namely after conclusion of the contract) and regardless of any misconduct of his own, in order to pursue abstract, general goals from which the consumer could possibly benefit only in a next step (the contract has, after all, already been concluded) and above all only indirectly (through better tariffs/contract conditions following a successful fight against fraud, or a "better" score).


   In this respect, the defendant, which incidentally is neither a credit institution with a correspondingly increased risk of default nor a law enforcement agency, in effect carries out, in cooperation with the credit agency, an unreasonable (since it takes place after the conclusion of the contract) retention of data, in particular to combat fraud, which for the most part concerns consumers for whom neither a credit risk nor a risk of identity theft or other fraudulent behavior exists.


This constitutes a serious violation of the interests of the consumers affected. In this respect, the right to informational self-determination as an emanation of the general right of personality under Article 2 Paragraph 1 GG in conjunction with Art. 1 para. 1 GG, or the right to the protection of personal data as enshrined in Art. 8 of the EU Charter of Fundamental Rights, weighs in the consumer's favor.


Also, and moreover, the consumer is faced with an undermining economization of his own data as an outflow of the general right of personality and of the protection of personal data (Engeler, The conflict between the data market and Privacy Policy, NJW 2022, 3398). For in the present case the data is, as the defendant itself submits, a consideration in the “mutual” system of its cooperation with the credit bureaus.



Moreover, the data collection on the part of the defendant leads to a significant information imbalance between the consumer on the one hand and the contractual partner or the credit reporting agency on the other, which significantly weakens the position of the consumer and consequently also his rights, such as contractual autonomy. This applies all the more since an indirect compulsion can arise to disclose information that is as comprehensive as possible in order to avoid negative ratings based solely on non-existent information.



In this respect, the consumer's "good reputation" (cf. Krämer, in: Wolff/Brink, BeckOK data protection law, 43rd edition, § 31 BDSG, para. 1e), which is violated by a negative score or by the absence of positive data and a resulting negative conclusion, is a protected interest that is significantly affected by passing the data on to the credit agency.


(c) In this respect, no legislative intent in favor of also transmitting positive data argues for the defendant either, which the defendant derives from § 31 BDSG in the sense of an "all the more so" conclusion in comparison with negative data. For even if credit bureaus, by calculating score values on the basis of reported negative data, perform a function that is approved by the legal system and desired by society (cf. BGH CR 2020, 405), the transmission of negative data follows some "misconduct" on the part of the person concerned and does not take place "without cause", which, unlike in the case of positive data, must also be taken into account in the balancing in favor of the data users.


(d) The reference to information, objection and deletion rights also does not lead to any other weighing decision, because these rights protect the consumer in the event of legitimate data processing, but they do not themselves legitimize any data processing. This would be, as the plaintiff rightly argued, a circular argument.


(e) Finally, a fundamental interest and also a (general personality) right of consumers to decide for themselves about data transmissions concerning them must be assumed. Any expectations of those affected with regard to such a data transfer do not change this.


(f) As a result, the interests of consumers in protection against an indiscriminate collection of their personal data in order to achieve general, abstract goals, whose benefits they can usually at best enjoy indirectly, clearly outweigh the interests of the defendant, for instance in (general, abstract) fraud prevention.


                (g) The Federal Commissioner for Data Protection and Freedom of Information, who was involved in the proceedings according to § 12 a UKlaG, § 9 BDSG, likewise considered, in an abstract and general assessment, that a lump-sum reporting, provided for in contractual clauses, of information such as the commencement and termination of a telecommunications contract together with name, address and date of birth to a credit agency without consent is not permissible under data protection law.


4. The consumer protection interest in asserting the claim exists, cf. Section 2 (1) UKlaG. A mistake in individual cases lies with the targeted selected design (Annex K 3).


5. Due to the infringing act that has taken place, the risk of repetition required for the asserted injunctive relief exists. The defendant has not issued a cease-and-desist declaration with a penalty clause that would eliminate the risk of repetition. Insofar as, according to the defendant, data has so far only been transmitted to a limited extent, there is at least a corresponding risk of first infringement within the scope of the data protection notices issued. In the present case, the risk of first infringement or of repetition is not eliminated by the fact that the defendant has suspended the transfer of data until the legal situation has been clarified (Bornkamm, in: Köhler/Bornkamm/Feddersen, 41st edition, UWG § 8 para. 1.49).


6. Whether the act of infringement at issue also constitutes a violation of the UWG therefore requires no decision.


II. The plaintiff does not succeed with regard to the application for injunctive relief, number 1 lit. The clause in the defendant's data protection information challenged with the application does not constitute general terms and conditions within the meaning of § 305 para. 1 sentence 1 BGB.

1. Whether "data protection notices" that are separate from the actual terms and conditions are to be regarded as contractual terms depends on whether they give the consumer the impression that they can be held against him as a binding regulation in the event of a dispute. The distinction is therefore to be drawn from the recipient's perspective. A contractual term within the meaning of § 305 paragraph 1 sentence 1 BGB exists if general notices, according to their objective wording, give recipients the impression that the content of a contractual legal relationship is to be determined by them (KG, judgment of 27.12.2018 - 23 U 196/13, BeckRS 2018, 38941; see also: Brinkmann, in: Gsell/Krüger/Lorenz/Reymann, beck-online.GROSSKOMMENTAR, BGB § 307, paragraph 100).



2. In the present dispute, the disputed clause in the data protection information sheet (see Section 9, heading “Creation of a Service account (SCHUFA)", Appendix K 3) presents itself as a mere unilateral announcement of certain data processing practices by the defendant, which gives the (incorrect) impression that the defendant is entitled to the data processing described therein without this depending on the consumer's consent, i.e. even without the consumer having any choice in this respect.


   In this respect, the plaintiff's argument that the defendant could, as an alternative to the disputed data transmission, transmit data on the basis of the consent of the persons concerned speaks against the plaintiff.

   As a result, the clause does not present itself as a "contract condition" to which any consent would be attached, and is therefore not "General Terms and Conditions" according to § 305 BGB.


3. A claim for injunctive relief pursuant to Sections 1, 3 (1) No. 1 UKlaG in conjunction with § 307 paragraph 1, 2 no. 2 BGB in conjunction with Art. 5 Para. 1 lit. a) and Art. 6 Para. 1 GDPR therefore does not exist as a result.


Delivered on 04/25/2023

______________________________

Registrar of the office