Austria: NOYB issues complaint against CRIF for violating right to information, data correctness, and transparency
The None of your business–European Center for Digital Rights ('NOYB') announced, on 4 August 2020, that it had issued a complaint ('the Complaint') with the Austrian data protection authority ('DSB') against the credit rating agency CRIF GmbH, which is active in 28 states, for violating the right to information, data correctness, and transparency in a proceeding regarding the negative rating of an applicant for an electricity contract. In particular, NOYB held that the application for an electricity contract had been rejected by the energy provider based on an insufficient credit check based on an assessment conducted by CRIF. Furthermore, NOYB held that the rejected applicant had received a yellow rating and a scoring of 446 points by CRIF and that when asked to provide access to the applicant's information stored, CRIF responded that they no longer had any data on him. Moreover, CRIF held that it had not conducted a credit rating on the applicant and that the rejection of the energy contract was based on a decision taken by the energy provider.
Furthermore, NOYB held that the applicant found that CRIF had violated his right to information under Article 15 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') because CRIF only provided incomplete data, contrary to the principle of data correctness under Article 5(1)(d) of the GDPR, as CRIF transferred (potentially invented) incorrect data to the energy provider. In addition, NOYB highlighted that CRIF had violated the principle of transparency under Article 5(1)(a) of the GDPR.
Finally, NOYB announced that the Complaint is the first step in its mission to examine credit rating agencies in Europe over the next months and years and to conduct proceedings under the GDPR in relevant cases.