Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Germany: BGH rules name of DPO not essential in privacy policy or access request
On May 14, 2024, the Federal Court of Germany (BGH) issued its decision in Case No. VI ZR 370/22, in which it held that the name of the data protection officer (DPO) is not required to be disclosed in the privacy policy or when responding to data subject requests under the General Data Protection Regulation (GDPR).
Background to the decision
The plaintiff in the present case requested access to information from the defendant, a bank, alleging, among other things, that the defendant provided incomplete information and that the name of the defendant's DPO was not provided.
Findings of the BGH
The BGH found that when communicating the contact details of the DPO in accordance with Article 13(1)(b) of the GDPR, the mention of the name is not mandatory. It is sufficient for the person concerned to provide the information necessary for the accessibility of the responsible authority, such as contact details. Similarly, the name of the DPO is not necessary to be provided under Article 15(1) of the GDPR.
Outcomes
The appeal was dismissed as inadmissible by the BGH.
You can read the decision, only available in German, here.