Rb. Gelderland - 365592

From GDPRhub
Revision as of 21:30, 22 March 2021 by Curious Mouse (talk | contribs) (Created page with "{{COURTdecisionBOX |Jurisdiction=Netherlands |Court-BG-Color= |Courtlogo=Courts_logo1.png |Court_Abbrevation=Rb. Gelderland |Court_With_Country=Rb. Gelderland (Netherlands)...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Rb. Gelderland - 365592
Courts logo1.png
Court: Rb. Gelderland (Netherlands)
Jurisdiction: Netherlands
Relevant Law: Article 12 GDPR
Article 15 GDPR
Art 41 UAVG
Decided: 24.08.2020
Published: 22.02.2021
Parties: STICHTING RECLASSERING NEDERLAND
National Case Number/Name: 365592
European Case Law Identifier: ECLI:NL:RBGEL:2020:7103
Appeal from:
Appeal to: Unknown
Original Language(s): Dutch
Original Source: de Rechtspraak (in Dutch)
Initial Contributor: n/a

The District Court of Gelderland rules that plaintiff is entitled to access his personal data in the internal notes and communication between the employees of Parole Office and in the Parole Office’s correspondence with the Public Prosecutor’s Office and the Custodial Institutions Agency.

English Summary

Facts

The Parole Office processed personal data of the plaintiff while he was on probation between 2014 and 2020. On 13 august 2018 plaintiff submitted the right of access request to the Parole Office. On 9 November 2018 the Parole Office provided plaintiff with the overview of the documents, notes and emails that contain his personal data. The overview included the number, date, and a short explanation of each document. For example: “24. 1-12-2014 Email with client regarding the appointment”. The Parole Office excluded the following categories of documents from the overview and did not provide them to the plaintiff: 1) Internal notes and communication between the employees of the Parole Office about the rehabilitation process; 2) The correspondence and communication between the Parole Office and the Public Prosecutor’s Office about the rehabilitation process; 3) The correspondence and communication between the Parole Office and the Custodial Institutions Agency about the rehabilitation process.


Dispute

The plaintiff requests the Parole Office to provide him with a full overview of the documents containing his personal data, he also requests to be allowed to access to these documents, should he want to. The Parole Office explained to the plaintiff that the excluded documents fall under statutory exceptions for two reasons: a) this will help its employees and the employees of the concerned agencies to perform their tasks and freely exchange opinions, which is necessary for the execution of their duties; b) These documents cannot be shared with the plaintiff to protect privacy and personal data of the employees of the concerned agencies. The Parole Office also argued that its own internal reports are not personal data, but rather the impressions of the Parole Office employees. The Parole Office refers to a judgment of the Court of Justice of the European Union of June 17, 2014 (joined cases C-141/12 and C-372/12), in which it was ruled that a legal analysis based on personal data as such does not qualify as personal data.


Holding

The Court first assessed whether the access request indeed concerns personal data within the meaning of the GDPR, then decided whether the Parole Office was right in denying the plaintiff access to this information. Finally the Court looked into how the Parole Office must provide access to plaintiff’s personal data in this case.

Does this access request refer to "personal data" within the meaning of the GDPR?

The Court’s answer is “yes”.

The Court considers that the reports compiled by the Parole Office contain not only the plaintiff’s name, address and information about the interviews themselves, but also information about his non-verbal communication, use of voice, notes his answers to specific questions and tracks how these answers change over time, reflects on the aspects of the plaintiff’s personality and how he thinks. This information must be regarded as personal data, which means that plaintiff has the right to access these documents.

Was the Parole Office right in denying the plaintiff access to this information?

The Court’s answer is “no”.

Under the Dutch GDPR Implementation Act, data controller may, among other things, limit the right of access if this is necessary for the functioning of the criminal justice system, for purposes of public interest and for the protection of the rights and freedoms of others. The Court points out that the right of inspection cannot be limited automatically and in advance simply because the documents in question concern confidential internal correspondence or notes in which personal thoughts and/or advice are expressed, which have been compiled for the internal review or decision-making. In Court’s view, the Parole Office failed to demonstrate why allowing access to the internal notes and correspondence is so detrimental to the position and the tasks of the agencies in question and that restricting the right of access is a necessary and proportionate measure. The Court also notes that the rehabilitation trajectory of the plaintiff ended in 2020, which means that the work of the concerned agencies cannot be obstructed by the plaintiff’s access to these records. The rights and freedoms of the employees of the concerned agencies can protected by anonymizing the notes in such a way that the records cannot be traced back to the employees who made them.

In what way should the access to plaintiff’s personal data be granted?

Request 1: complete overview of the documents which contain plaintiff’s personal data. This purpose of this overview is to make it easy for the plaintiff to further specify his access request, so it does not mention any personal data in general. The Court concludes that the plaintiff is entitled to a complete overview of the documents, including the internal notes of the Parole Office and the communication between the Parole Office, the Public Prosecutor’s Office and the Custodial Institutions Agency. Request 2: access to the documents from the overview. The Court considered that the documents themselves do not constitute personal data, so they are not covered by the GDPR’s right of access. However, there is a right to a complete overview of all personal data in a comprehensible form. Which means, that where a document contains facts and evaluations of characteristics and conduct of an individual, that individual is entitled to an (edited) copy of the document because it’s the most efficient way to provide the information which is as complete as possible and on the basis of which the legitimacy and the accuracy of the processing can be verified. The Court concludes that the plaintiff is entitled to receive (edited copies) of the documents which contain his personal data, including the internal notes of the Parole Office and the communication between the Parole Office, the Public Prosecutor’s Office and the Custodial Institutions Agency.


Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Dutch original. Please refer to the Dutch original for more details.