RvS - 202107090/1/A3: Difference between revisions
(changed the short summary a bit and wording slightly.) |
No edit summary |
||
Line 80: | Line 80: | ||
The CoS also stated that if there is a legal obligation to store files in the exercise of official authority vested in the controller, then the right to erasure under [[article 17 GDPR|Article 17]] is not applicable as long as the retention period runs, as stated in [[article 17 GDPR#3b|Article 17(3)(b)]]. Archiving as such does not breach the GDPR. | The CoS also stated that if there is a legal obligation to store files in the exercise of official authority vested in the controller, then the right to erasure under [[article 17 GDPR|Article 17]] is not applicable as long as the retention period runs, as stated in [[article 17 GDPR#3b|Article 17(3)(b)]]. Archiving as such does not breach the GDPR. | ||
Consequently, the CoS declared the appeal unfounded. | |||
== Comment == | == Comment == |
Revision as of 09:41, 18 July 2023
RvS - 202107090/1/A3 | |
---|---|
Court: | RvS (Netherlands) |
Jurisdiction: | Netherlands |
Relevant Law: | Article 17(3)(b) GDPR Archiefwet |
Decided: | 12.07.2023 |
Published: | 12.07.2023 |
Parties: | Uitvoeringsinstituut Werknemersverzekeringen |
National Case Number/Name: | 202107090/1/A3 |
European Case Law Identifier: | ECLI:NL:RVS:2023:2681 |
Appeal from: | RBNHO 20/4820 |
Appeal to: | |
Original Language(s): | Dutch |
Original Source: | Raad van State (in Dutch) |
Initial Contributor: | Enzo Marquet |
The Dutch Council of State confirmed that if there is a legal obligation to retain files in the exercise of a legal obligation vested in the controller, then the right to erasure under Article 17 is not applicable as stated in Article 17(3)(b).
English Summary
Facts
The data subject requested the Employee Insurance Agency (a governmental organisation, controller), to delete her phone number because she no longer wanted to be contacted by them. She also requested the erasure of her phone number from two messages which were stored in the digital 'mailbox' of the controller.
The controller deleted her number for contacting purposes, but refused to delete her number from the digital mailbox. It argued that these documents were part of their social security files and must be stored on the basis of a legal obligation arising from the Archiefwet (Archive Law).
The data subject brought an action with the Court of Noord-Holland (case 20/4820), which considered that the controller was not obligated to delete the phone number from their files. She appealed this decision with the Council of State, claiming that the controller unlawfully processed her data and that it was not necessary to store it. In her view, the Archiefwet did not provide a legal basis for processing and it breached the principles of minimisation, lawfulness and necessity.
Holding
The Dutch Council of State (CoS) considered that the data subject did not bring additionnal arguments than in first instance and that the Court of Noord-Holland adequately motivated its decision.
The CoS also stated that if there is a legal obligation to store files in the exercise of official authority vested in the controller, then the right to erasure under Article 17 is not applicable as long as the retention period runs, as stated in Article 17(3)(b). Archiving as such does not breach the GDPR.
Consequently, the CoS declared the appeal unfounded.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Dutch original. Please refer to the Dutch original for more details.