[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fEkazfhD3K5nfDpGt7XQRonCK9GdLdSTw7UxNuh1RZJo":3},{"article":4,"iocs":42},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":25,"category":26,"article_tags":30},"39bcb477-009f-415b-a214-c970f5f97888","AG Arnsberg - 42 C 434\u002F23","ag-arnsberg-42-c-434-23-54fe7b","← Older revision Revision as of 09:21, 13 July 2026 Line 75: Line 75: The controller refused to provide the requested information in April 2023 as it considered the request to constitute abuse of rights. It cited newspaper reports indicating that the defendant had subscribed to numerous newsletters solely for the purpose of asserting claims for damages. The controller brought proceedings concerning the legality of its rejection of the access request. The data subject demanded access to the information required by in [[Article 15 GDPR]] and the payment of monetary compensation of €1,000 in a counter-lawsuit. The controller refused to provide the requested information in April 2023 as it considered the request to constitute abuse of rights. It cited newspaper reports indicating that the defendant had subscribed to numerous newsletters solely for the purpose of asserting claims for damages. The controller brought proceedings concerning the legality of its rejection of the access request. The data subject demanded access to the information required by in [[Article 15 GDPR]] and the payment of monetary compensation of €1,000 in a counter-lawsuit. The court referred the case to the CJEU for a preliminary ruling in July 2024. The CJEU rendered its judgment in the case [[CJEU - C-526\u002F24 - Brillen Rottler|C-526\u002F24 Brillen Rottler]] on 19 March 2026. It held that even an initial access request could be rejected on the grounds of an abuse of rights. According to the CJEU, the assessment of abusive conduct is based on all circumstances of the individual case. Both objective circumstances and the subjective intent of the data subject need to be taken into account. An abusive intent always exists if the access request is made in order to artificially create a claim for damages. The court referred the case to the CJEU for a preliminary ruling in July 2024. The CJEU rendered its judgment in the case [[CJEU - C-526\u002F24 - Brillen Rottler|C-526\u002F24 ''Brillen Rottler'']] on 19 March 2026. It held that even an initial access request could be rejected on the grounds of an abuse of rights. According to the CJEU, the assessment of abusive conduct is based on all circumstances of the individual case. Both objective circumstances and the subjective intent of the data subject need to be taken into account. An abusive intent always exists if the access request is made in order to artificially create a claim for damages. === Holding === === Holding ===","The German court AG Arnsberg referred a case to the CJEU regarding a data subject's GDPR access request. The controller refused the request, citing newspaper reports that the individual subscribed to newsletters solely to assert damage claims. The CJEU ruled that even an initial access request can be rejected if it constitutes an abuse of rights, particularly if the intent is to artificially create a claim for damages.","CJEU rules initial GDPR access requests can be rejected if made to artificially create damage claims.","Help AG Arnsberg - 42 C 434\u002F23: Difference between revisions From GDPRhub Jump to:navigation, search ← Older editVisualWikitext Revision as of 07:14, 13 July 2026 view sourceAv (talk | contribs)Bureaucrats, Interface administrators, noContributionReport, Administrators76 editsTag: Visual edit← Older edit Latest revision as of 09:21, 13 July 2026 view source Av (talk | contribs)Bureaucrats, Interface administrators, noContributionReport, Administrators76 editsmTag: Visual edit Line 75: Line 75: The controller refused to provide the requested information in April 2023 as it considered the request to constitute abuse of rights. It cited newspaper reports indicating that the defendant had subscribed to numerous newsletters solely for the purpose of asserting claims for damages. The controller brought proceedings concerning the legality of its rejection of the access request. The data subject demanded access to the information required by in [[Article 15 GDPR]] and the payment of monetary compensation of €1,000 in a counter-lawsuit. The controller refused to provide the requested information in April 2023 as it considered the request to constitute abuse of rights. It cited newspaper reports indicating that the defendant had subscribed to numerous newsletters solely for the purpose of asserting claims for damages. The controller brought proceedings concerning the legality of its rejection of the access request. The data subject demanded access to the information required by in [[Article 15 GDPR]] and the payment of monetary compensation of €1,000 in a counter-lawsuit. The court referred the case to the CJEU for a preliminary ruling in July 2024. The CJEU rendered its judgment in the case [[CJEU - C-526\u002F24 - Brillen Rottler|C-526\u002F24 Brillen Rottler]] on 19 March 2026. It held that even an initial access request could be rejected on the grounds of an abuse of rights. According to the CJEU, the assessment of abusive conduct is based on all circumstances of the individual case. Both objective circumstances and the subjective intent of the data subject need to be taken into account. An abusive intent always exists if the access request is made in order to artificially create a claim for damages.The court referred the case to the CJEU for a preliminary ruling in July 2024. The CJEU rendered its judgment in the case [[CJEU - C-526\u002F24 - Brillen Rottler|C-526\u002F24 ''Brillen Rottler'']] on 19 March 2026. It held that even an initial access request could be rejected on the grounds of an abuse of rights. According to the CJEU, the assessment of abusive conduct is based on all circumstances of the individual case. Both objective circumstances and the subjective intent of the data subject need to be taken into account. An abusive intent always exists if the access request is made in order to artificially create a claim for damages. === Holding ====== Holding === Latest revision as of 09:21, 13 July 2026 AG Arnsberg - 42 C 434\u002F23 Court: AG Arnsberg (Germany) Jurisdiction: Germany Relevant Law: Article 12(5)(b) GDPR Article 15 GDPR Article 82 GDPR Decided: 01.07.2026 Published: 01.07.2026 Parties: Brillen Rottler GmbH & Co. KG National Case Number\u002FName: 42 C 434\u002F23 European Case Law Identifier: Appeal from: Appeal to: Unknown Original Language(s): German Original Source: TRÖBER legal (in German) Initial Contributor: av A court held that a controller may reject a first access request as excessive under Article 12(5)(b) GDPR if the data subject requests access with the abusive intent to artificially create a claim for damages against the controller. Contents 1 English Summary 1.1 Facts 1.2 Holding 2 Comment 3 Further Resources 4 English Machine Translation of the Decision English Summary Facts An Austrian citizen residing in Vienna (the data subject) subscribed to the newsletter of a family-run optician company (the controller) mainly operating in the German states of North Rhine-Westphalia and Lower Saxony in March 2023. During the registration process, he provided his email address as well as his first and last name and consented to the processing of his personal data. He then made an access request under Article 15 GDPR by fax, using letterhead that included his full home address, email address, and fax number. The controller refused to provide the requested information in April 2023 as it considered the request to constitute abuse of rights. It cited newspaper reports indicating that the defendant had subscribed to numerous newsletters solely for the purpose of asserting claims for damages. The controller brought proceedings concerning the legality of its rejection of the access request. The data subject demanded access to the information required by in Article 15 GDPR and the payment of monetary compensation of €1,000 in a counter-lawsuit. The court referred the case to the CJEU for a preliminary ruling in July 2024. The CJEU rendered its judgment in the case C-526\u002F24 Brillen Rottler on 19 March 2026. It held that even an initial access request could be rejected on the grounds of an abuse of rights. According to the CJEU, the assessment of abusive conduct is based on all circumstances of the individual case. Both objective circumstances and the subjective intent of the data subject need to be taken into account. An abusive intent always exists if the access request is made in order to artificially create a claim for damages. Holding The court held that the lawsuit had originally been well-founded and ruled that the counterclaims were without merit. According to the court, the controller could reject the data subject’s access request as excessive under Article 12(5)(b) GDPR. The data subject also had no right to damages under Article 82 GDPR due to the absence of a GDPR violation. The court referred to the preliminary ruling in the case C-526\u002F24 and based its decision on an overall assessment of the objective and subjective circumstances of the present case as required by the CJEU decision. It held that the data subject’s conduct had been abusive. To the conviction of the court, there were numerous indications of abusive conduct: first, the data subject had voluntarily disclosed more personal data than was needed to subscribe to the newsletter. Second, the court could not identify any personal interest in a regional newsletter concerning operations in Nordrhein-Westfalen, as the data subject was an Austrian resident. In addition, the court took into account that the data subject had made the access request only nine days after subscribing to the newsletter and had not filed a complaint with the competent DPA before raising a claim for damages. Finally, information on the internet about numerous cease-and-desist letters sent by the data subject pointed to abusive conduct. Comment Share your comments here! Further Resources Share blogs or news articles here! English Machine Translation of the Decision The decision below is a machine translation of the German original. Please refer to the German original for more details. 42 C 434\u002F23 Arnsberg Local Court IN THE NAME OF THE PEOPLE Judgment In the legal dispute between GmbH & Co. KG, represented by its general partner, Verwaltungsgesellschaft mbH, which is represented by its managing directors, and Arnsberg, Plaintiff and Defendant in Counterclaim, Attorneys: Tröber, Am Mittelhafen 10, 48155 Münster, against Mr. , , Austria, Defendant and Counterclaimant, Attorneys: Arnsberg Local Court, in written proceedings with a deadline for filing written submissions until June 1, 2026, by Judge rule as follows: 2 The counterclaim is dismissed. The defendant shall bear the costs of the proceedings and the preliminary ruling procedure (Case No. C-526\u002F24). The defendant shall bear the costs of the proceedings and the preliminary ruling procedure. The judgment is provisionally enforceable upon provision of security in the amount of 110% of the respective amount to be enforced. Facts: The parties are in dispute, in the context of the claim","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=AG_Arnsberg_-_42_C_434\u002F23&diff=52192&oldid=52190","https:\u002F\u002Fgdprhub.eu\u002Fimages\u002F4\u002F4c\u002FCourts_logo1.png","2026-07-13T09:21:13+00:00","2026-07-13T10:00:14.745836+00:00",7,[18,21,23],{"name":19,"type":20},"GDPR","product",{"name":22,"type":20},"CJEU",{"name":24,"type":20},"Brillen Rottler","c5c77cdb-f7d7-4990-9436-c81dcbff1163",{"id":25,"icon":27,"name":28,"slug":29},null,"Policy","policy",[31,35,37],{"category":32},{"id":33,"icon":27,"name":19,"slug":34},"3f0f8451-91df-4b6c-9a73-ef3b2509b7f1","gdpr",{"category":36},{"id":25,"icon":27,"name":28,"slug":29},{"category":38},{"id":39,"icon":27,"name":40,"slug":41},"d95477d7-eb04-4fad-a2dc-be1428040ce7","Privacy Fines","privacy-fines",[]]