RVS - 202105980/1/A3
RVS - 202105980/1/A3 | |
---|---|
Court: | RVS (Netherlands) |
Jurisdiction: | Netherlands |
Relevant Law: | Article 15 GDPR |
Decided: | 12.04.2023 |
Published: | 12.04.2023 |
Parties: | Minister van Financiën |
National Case Number/Name: | 202105980/1/A3 |
European Case Law Identifier: | ECLI:NL:RVS:2023:1427 |
Appeal from: | Rechtbank Amsterdam 20/6874 |
Appeal to: | Not appealed |
Original Language(s): | Dutch |
Original Source: | RvS 202105980/1/A3 (in Dutch) |
Initial Contributor: | Matthias Smet |
The Council of State has declared unfounded an appeal lodged in connection with proceedings about the insufficient provision of information by the Minister of finance in the exercise of the data subject's rights of access and information.
English Summary
Facts
On 20 April 2020, appellant exercised according to Article 15 GDPR his right of access and information to his personal data by sending a requst to the Minister of Finance, more specifically about whether his data were processed in the system Fraude Signalering Voorziening (FSV) other secret databases and/or systems used by the Ministry. After a reply from the minister stating that the appellant's personal data could not be found in the FVS, the appellant submits an objection due to receiving an insufficient answer to the question asked. Appellant claims that the Minister could not limit himself to searching FVS alone, but also had to consult all other systems in response to his request. It refers to a prior investigation by KPMG which stated that 'it was not possible to identify all similar applications, which can lead to processes that were not included in the scope of the investigation'. In addition, the appellant claims that the minister did not provide sufficient information in his decision regarding the search method used.
In his decision as a result of the objection, the minister maintained his position . As a consequence, the appellant lodged an appeal with the District Court of Amsterdam, which declared the appeal unfounded. The appellant also lodged an appeal with the Council of State against the decision of the District Court of Amsterdam
Holding
Regarding the first complaint, the Council states that the report of KMPG, which mentions possible applications that have not been identified, does not imply that it is plausible that there are other systems whose existence is kept secret by the tax authorities and the ministry.
Next, the Council of State confirms that in his answer to the request of access and information the minister has provided sufficient insight into how he searched for personal data and indicated that other search methods would have led to a similar result. The Council of State therefore does not regard this working method as negligent.
For the above reasons, the Council of State declares the appeal unfounded and upholds the contested decision.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Dutch original. Please refer to the Dutch original for more details.
Authority Council of State Date statement 12-04-2023 Date publication 12-04-2023 Case number 202105980/1/A3 Jurisdictions Administrative law Special characteristics Appeal Content indication By decision of 20 July 2020, the Minister of Finance decided on [plaintiff]'s request for access to his personal data. In a letter dated 31 March 2020, [plaintiff] requested the Tax and Customs Administration to inform him, pursuant to Article 15 of the General Data Protection Regulation, whether his personal data are being processed in the Fraud Identification Facility or other secret systems and databases. If that is the case, he wishes to inspect that data, as well as a copy thereof. In a letter dated 31 March 2020, [plaintiff] requested the Tax and Customs Administration to inform him, pursuant to Article 15 of the General Data Protection Regulation, whether his personal data are being processed in the Fraud Identification Facility or other secret systems and databases. If that is the case, he wishes to inspect that data, as well as a copy thereof. The Minister has indicated by decision of 20 July 2020 that no personal data of [plaintiff] will be processed in the FSV. The minister upheld his decision on appeal and the court declared the appeal lodged against it unfounded. Locations Rechtspraak.nl Enriched pronunciation Pronunciation 202105980/1/A3. Judgment date: April 12, 2023 DEPARTMENT ADMINISTRATIVE LAW Judgment on the appeal of: [plaintiff], residing at [place of residence], against the judgment of the District Court of Amsterdam of 23 July 2021 in case no. 20/6874 in the proceedings between: [appellant] and the Minister of Finance. Process flow By decision of 20 July 2020, the Minister decided on [plaintiff]'s request for access to his personal data. By decision of 23 November 2020, the Minister declared the objection lodged against this by [plaintiff] to be unfounded. In a judgment of 23 July 2021, the court declared the appeal lodged against this by [plaintiff] unfounded. This statement is attached. The appellant has appealed against this decision. The Division handled the case at the hearing of March 8, 2023, where [plaintiff], assisted by mr. R.G. Meester, lawyer in Amsterdam, and the minister, represented by mr. drs. I.A. Huppertz, have appeared. Considerations Introduction 1. In a letter dated 31 March 2020, [plaintiff] requested the Tax and Customs Administration to inform him, pursuant to Article 15 of the General Data Protection Regulation (hereinafter: the GDPR), whether his personal data are being processed in the Fraud Identification Facility (hereinafter: the FSV) or other secret systems and databases. If that is the case, he wishes to inspect that data, as well as a copy thereof. The Minister has indicated by decision of 20 July 2020 that no personal data of [plaintiff] will be processed in the FSV. The minister upheld his decision on appeal and the court declared the appeal lodged against it unfounded. Appeal 2. [plaintiff] argues that his request is not only about the FSV, but about all black lists used by the Tax and Customs Administration. The minister should therefore have also searched for personal data in those other lists. [plaintiff] cannot be expected to know all lists and to know whether they are blacklists. He cannot therefore state the names of those lists or systems in his request, but the minister must include them in the investigation. According to him, the court did not recognize this. In addition, [plaintiff] argues that the Minister has not sufficiently motivated how the FSV was searched for his personal data. The officials who handled his GDPR request do not have access to the FSV themselves and are therefore unable to provide an explanation based on their own observations. The minister must therefore submit an official statement from the person who searched the FSV. It is also hard to believe that the FSV can only be searched by surname and citizen service number (hereinafter: BSN). In a letter to the House of Representatives dated 28 April 2020 (Parliamentary Papers II, 2019/2020, 31066, no. 632), the State Secretary also indicated that various departments and local offices of the Tax and Customs Administration deal with the FSV in different ways. [plaintiff] argues that the Tax and Customs Administration itself therefore does not know how and where the system is used. The Data Protection Impact Assessment (GEB/PIA) Rijksdienst FSV shows that it is possible to make a system dump via the Excel export function, so that different search terms can be easily searched. The minister has wrongly failed to make use of it. Finally, various circumstances show that he has been included in the FSV, according to [plaintiff]. Assessment of appeal Scope of the request 3. Article 15 of the GDPR gives someone the right to obtain information about whether or not personal data concerning them is being processed and to obtain access to that personal data. The applicant's request under this article reads as follows: "Clients wish to exercise the aforementioned rights (read: the rights referred to in Article 15 of the AVG) vis-à-vis the Tax and Customs Administration. More specifically, clients wish to know whether the Tax and Customs Administration (in the past) (has) processed personal data in in connection with - in short - the FSV as described above, as well as any other system / database the existence of which is kept secret by the Tax and Customs Administration. If that is the case, they wish to inspect and obtain a copy of that personal data. in the case of the Tax Authorities to receive the information as referred to in Article 15, paragraph 1 a to h GDPR." 3.1. The Division agrees with the judgment of the District Court and with the considerations included under 7.3 in the judgment under appeal, on which that judgment is based. The court rightly ruled that the request is not formulated in such a broad way that every system is undeterminedly included. 3.2. During the hearing at the Department, [plaintiff] also referred to a letter from the State Secretary of Finance to the President of the House of Representatives dated 10 July 2020 about an investigation by KPMG into the FSV (Parliamentary Papers II, 2019/2020, 31 066, No. 681, p.4). It says: "It was not possible with the information available and in the time available for KPMG to identify all applications and oversight processes similar to FSV, which may have left processes with use for risk signals out of sight." Contrary to what [plaintiff] argues, it does not follow from this that it is plausible that there are other systems whose existence is kept secret by the Tax and Customs Administration and that the Minister should have searched for personal data in those systems. The argument fails. Has the minister provided sufficient insight into the search? 4. In the decision of 20 July 2020, the Minister explained the search for personal data as follows: "With regard to your request regarding the Fraud Signaling Facility (FSV), I can inform you that personal data, such as your name and citizen service number, do not appear in this application. For the sake of completeness, I inform you that the application was cleaned on February 27, 2020. On the application was also turned off on the same day. A reserve file (backup) was then kept from the situation of February 26, 2020, so before the cleaning. The reserve file is in a secure environment for further investigation, including by the Dutch Data Protection Authority. The data in the reserve file will no longer be used. After completion of the said investigation, the data from the backup will be destroyed. When your request was processed, the reserve file was searched. Your personal data, such as your name and citizen service number, are not in the backup file." In his statement of defense and during the court hearing, the minister explained that the FSV can only be searched by surname and citizen service number. In addition, the minister explained that the so-called 'non-visible archive' of the FSV was also searched. During the session at the Department, the Minister once again explained the search options in the FSV. 4.1. With the explanation he provided, the Minister has provided sufficient insight into how he searched for personal data. He has made it plausible that he has done everything reasonably possible to retrieve the personal data of [plaintiff]. No personal details of [plaintiff] were found in the FSV. Although it is possible to make a system dump of the FSV with the Excel export function so that a search can also be made by date of birth, company name or address, it is unlikely that the minister would find any personal data. As the minister explained during the session, all systems are linked to the BSN. There are no further concrete indications that [plaintiff] is nevertheless listed in the FSV. During the court hearing, the Minister explained that in another procedure instituted by [plaintiff] and in this GDPR procedure, the relevant employees of the Tax and Customs Administration started making inquiries internally in response to the objections expressed by [plaintiff] in both proceedings. . As a result of that inquiry, information about [plaintiff] emerged that was not yet known to those employees at that time. With this, the minister has sufficiently refuted that this information must come from the FSV, as [plaintiff] argues. The authorized representative of the minister in these proceedings, who does not have access to the FSV himself, was allowed to rely on the findings of the colleague who had access to the FSV and searched for personal data there. That behavior is not negligent. The minister was not required to submit a statement from that colleague. The argument fails. Conclusion 5. The appeal is unfounded. The attacked decision needs to be confirmed. 6. The minister does not have to pay any costs of proceedings. Decision The Administrative Jurisdiction Division of the Council of State: confirms the challenged statement. Thus established by mr. E. Steendijk, chairman, and mr. J.TH. Drop and Mr. C.H. Bangma, members, in the presence of mr. R.J.A. Meerman, clerk. e.g. Steendijk chair e.g. Merman clerk Pronounced in public on April 12, 2023 960