Rb. Midden-Nederland - UTR 20/268: Difference between revisions
No edit summary |
|||
(11 intermediate revisions by 3 users not shown) | |||
Line 19: | Line 19: | ||
|Year=2021 | |Year=2021 | ||
|GDPR_Article_1=Article 4 GDPR | |||
|GDPR_Article_Link_1=Article 4 GDPR | |||
|GDPR_Article_2=Article 12 GDPR | |||
|GDPR_Article_Link_2=Article 12 GDPR | |||
|GDPR_Article_3=Article 15 GDPR | |||
|GDPR_Article_Link_3=Article 15 GDPR | |||
|Party_Name_1= | |Party_Name_1= | ||
Line 41: | Line 40: | ||
|Appeal_From_Body= | |Appeal_From_Body= | ||
|Appeal_From_Case_Number_Name= | |Appeal_From_Case_Number_Name= | ||
|Appeal_From_Status= | |Appeal_From_Status=n/a | ||
|Appeal_From_Link= | |Appeal_From_Link= | ||
|Appeal_To_Body= | |Appeal_To_Body= | ||
|Appeal_To_Case_Number_Name= | |Appeal_To_Case_Number_Name= | ||
|Appeal_To_Status= | |Appeal_To_Status=n/a | ||
|Appeal_To_Link= | |Appeal_To_Link= | ||
Line 51: | Line 50: | ||
| | | | ||
}} | }} | ||
The District Court of Midden-Nederland held that the definition of “personal data” generally includes a data subjects’ alias, but that this did not apply to internal correspondence between the complainant and their organisational unit in the context of the processing of their asylum application. | |||
== English Summary == | ==English Summary== | ||
=== Facts=== | |||
This matter concerns a claimant’s access request which was only partially addressed. The data subject objected to the controller’s decision and argued that his request should have included information linked to his name, his alias, and internal correspondence between the defendant and its organisational unit (TOELT) relating to the processing of his asylum application. | |||
=== Facts === | |||
This matter concerns | |||
On the one side, the complainant relied on [[Article 12 GDPR]] and [[Article 15 GDPR#1|Article 15(1) GDPR]], and referred to a judgment of [https://uitspraken.rechtspraak.nl/inziendocument?id=ECLI:NL:GHDHA:2019:2398 the Court of Appeal in The Hague] and the [[CJEU - C-434/16 - Peter Nowak|Nowak judgment by the CJEU]] in support of his interpretation of the notion of personal data. The controller, on the other side, maintained that the definition of personal data does not include internal correspondence nor the claimant’s alias. | |||
=== Holding === | ===Holding=== | ||
The court turned to the definition contained in [[Article 4 GDPR]] to determine whether an alias forms part of one’s personal data and declared the controller’s understanding as incorrect. The court held that ''“[t]his alias was used by the claimant... and can therefore be directly linked to the claimant himself.''” Hence, the scope of personal data includes someone's alias. | |||
In its assessment of whether this was also the case for internal correspondence between the controller and TOELT, the court distinguished the present matter from the case law referred to by the complainant. It further noted that a CJEU judgment relied on by the controller predates the GDPR but maintains its relevance to the interpretation of the right of access and rectification. | |||
== Comment == | The court considered the CJEU’s reasoning, that if the applicant’s right of access were to be extended to the legal analysis of the residence permit process, it would no longer serve the purpose of the GDPR and would ensure the applicant access to administrative documents, which the GDPR does not provide for. Thus, the internal correspondence between the controller and TOELT was excluded from the scope of the notion of personal data. | ||
==Comment== | |||
''Share your comments here!'' | ''Share your comments here!'' | ||
== Further Resources == | ==Further Resources== | ||
''Share blogs or news articles here!'' | ''Share blogs or news articles here!'' | ||
== English Machine Translation of the Decision == | ==English Machine Translation of the Decision== | ||
The decision below is a machine translation of the Dutch original. Please refer to the Dutch original for more details. | The decision below is a machine translation of the Dutch original. Please refer to the Dutch original for more details. | ||
Latest revision as of 15:58, 5 November 2021
Rb. Midden-Nederland - UTR 20/268 | |
---|---|
Court: | Rb. Midden-Nederland (Netherlands) |
Jurisdiction: | Netherlands |
Relevant Law: | Article 4 GDPR Article 12 GDPR Article 15 GDPR |
Decided: | 12.01.2021 |
Published: | 22.10.2021 |
Parties: | |
National Case Number/Name: | UTR 20/268 |
European Case Law Identifier: | ECLI:NL:RBMNE:2021:39 |
Appeal from: | |
Appeal to: | n/a |
Original Language(s): | Dutch |
Original Source: | Rechtspraak.nl (in Dutch) |
Initial Contributor: | Anike Malherbe |
The District Court of Midden-Nederland held that the definition of “personal data” generally includes a data subjects’ alias, but that this did not apply to internal correspondence between the complainant and their organisational unit in the context of the processing of their asylum application.
English Summary
Facts
This matter concerns a claimant’s access request which was only partially addressed. The data subject objected to the controller’s decision and argued that his request should have included information linked to his name, his alias, and internal correspondence between the defendant and its organisational unit (TOELT) relating to the processing of his asylum application.
On the one side, the complainant relied on Article 12 GDPR and Article 15(1) GDPR, and referred to a judgment of the Court of Appeal in The Hague and the Nowak judgment by the CJEU in support of his interpretation of the notion of personal data. The controller, on the other side, maintained that the definition of personal data does not include internal correspondence nor the claimant’s alias.
Holding
The court turned to the definition contained in Article 4 GDPR to determine whether an alias forms part of one’s personal data and declared the controller’s understanding as incorrect. The court held that “[t]his alias was used by the claimant... and can therefore be directly linked to the claimant himself.” Hence, the scope of personal data includes someone's alias.
In its assessment of whether this was also the case for internal correspondence between the controller and TOELT, the court distinguished the present matter from the case law referred to by the complainant. It further noted that a CJEU judgment relied on by the controller predates the GDPR but maintains its relevance to the interpretation of the right of access and rectification.
The court considered the CJEU’s reasoning, that if the applicant’s right of access were to be extended to the legal analysis of the residence permit process, it would no longer serve the purpose of the GDPR and would ensure the applicant access to administrative documents, which the GDPR does not provide for. Thus, the internal correspondence between the controller and TOELT was excluded from the scope of the notion of personal data.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Dutch original. Please refer to the Dutch original for more details.