Skip to content
News
EN

AG Arnsberg - 42 C 434/23

GDPRhub

Content

A court held that a controller may reject a first access request as excessive under Article 12(5)(b) GDPR if the data subject requests access with the abusive intent to artificially create a claim for damages against the controller. English Summary. Facts. An Austrian citizen residing in Vienna (the data subject) subscribed to the newsletter of a family-run optician company (the controller) mainly operating in the German states of North Rhine-Westphalia and Lower Saxony in March 2023. During the registration process, he provided his email address as well as his first and last name and consented to the processing of his personal data. He then made an access request under Article 15 GDPR by fax, using letterhead that included his full home address, email address, and fax number. The controller refused to provide the requested information in April 2023 as it considered the request to constitute abuse of rights. It cited newspaper reports indicating that the defendant had subscribed to num

Related across sources

Similar Content