OLG Nurem­berg: Gene­ral pro­hi­bi­ti­on of abu­se of rights in the GDPR (here on the right to information)

English 
English  Deutsch  Français 

Aut­ho­ri­ty

Indu­stry

Laws

Tags

Content 

The Nurem­berg Hig­her Regio­nal Court (OLG) has ruled with Judgment of 13 July 2021 like other dis­hes befo­re ruled that the GDPR reco­gnizes a gene­ral pro­hi­bi­ti­on of abu­se of rights with regard to data sub­ject requests:

(4) Final­ly, the asser­ted right to infor­ma­ti­on does not ari­se from Artic­le 15 (1) of the GDPR. This is becau­se the defen­dant has a right of refu­sal under Artic­le 12 (5) sen­tence 2 lit. b) GDPR. The pro­vi­si­on mere­ly lists fre­quent repe­ti­ti­on as an exam­p­le of an “exce­s­si­ve” request. The use of the word “in par­ti­cu­lar,” howe­ver, makes it clear that the pro­vi­si­on also intends to cover other abu­si­ve appli­ca­ti­ons […].

Inte­re­st­ing: Sedes mate­riae is not Art. 15 GDPR, but rather Art. 12 para. 5 DSGVOwhich refers not only to Art. 15 GDPR (right of access), but also to the infor­ma­ti­on obli­ga­ti­on under Art. 13 and 14 GDPR and the other data sub­ject rights (Art. 16 – 22), and also to Art. 34 (noti­fi­ca­ti­on of a data breach). For all of the­se claims, the data con­trol­ler can the­r­e­fo­re invo­ke abu­se of rights, pro­vi­ded that the con­di­ti­ons are met in detail (which will pri­ma­ri­ly app­ly to the right of access).

The Abu­se of rights must then be mea­su­red against the pro­tec­ti­ve pur­po­se of the GDPR, among other things:

When inter­pre­ting what con­sti­tu­tes abu­se of rights in this sen­se, the pro­tec­ti­ve pur­po­se of the GDPR must also be taken into account. As can be seen from reci­tal 63 of the Regu­la­ti­on, the pur­po­se of the right to infor­ma­ti­on stan­dar­di­zed in Art. 15 GDPR is to enable the data sub­ject to obtain it easi­ly and at rea­sonable inter­vals, Be awa­re of the pro­ce­s­sing of per­so­nal data con­cer­ning them and be able to veri­fy the lawful­ness of such pro­ce­s­sing […]. Howe­ver, the plain­ti­ff is obvious­ly not con­cer­ned with such an awa­re­ness for the pur­po­se of revie­w­ing the per­mis­si­bi­li­ty of the pro­ce­s­sing of per­so­nal data under data pro­tec­tion law. The pur­po­se of the infor­ma­ti­on he is see­king is rather – as is clear from the com­bi­na­ti­on with the inad­mis­si­ble claims for a decla­ra­to­ry judgment and payment – to Exclu­si­ve­ly revie­w­ing any pre­mi­um adjust­ments made by the defen­dant. due to pos­si­ble for­mal defi­ci­en­ci­es pur­su­ant to Sec­tion 203 (5) WG. Howe­ver, such an approach is not cover­ed by the pro­tec­ti­ve pur­po­se of the GDPR […].

This case law coin­ci­des with that of the Fede­ral Court to Art. 8 DPA.