Rb. Midden-Nederland - C/16/526196/ HA RK / 21-01

From GDPRhub
Revision as of 11:58, 5 December 2022 by N.pehch (talk | contribs) (Created page with "{{COURTdecisionBOX |Jurisdiction=Netherlands |Court-BG-Color= |Courtlogo=Courts_logo1.png |Court_Abbrevation=Rb. Midden-Nederland |Court_Original_Name=Rechtbank Midden-Nederl...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Rb. Midden-Nederland - C/16/526196/ HA RK / 21-01
Courts logo1.png
Court: Rb. Midden-Nederland (Netherlands)
Jurisdiction: Netherlands
Relevant Law: Article 6 GDPR
Article 9 GDPR
Article 12 GDPR
Article 14(5) GDPR
Article 15 GDPR
Article 17 GDPR
Article 34 GDPR
Article 82 GDPR
Decided: 24.08.2022
Published: 25.11.2022
Parties:
National Case Number/Name: C/16/526196/ HA RK / 21-01
European Case Law Identifier:
Appeal from:
Appeal to:
Original Language(s): Dutch
Original Source: de Rechtspraak (in Dutch)
Initial Contributor: n.pehch

Dutch Court decides on several requests made by data subject. Ultimately, the Court finds two infringements by the controller. Yet, the claims for material and immaterial damages suffered by the data subject were insufficient and lacked a causal link

English Summary

Facts

The applicant’s marriage to Ms D was converted into a registered partnership, after which the applicant and Ms D entered into a covenant for the termination of the registered partnership and a partial dissolution of the matrimonial community of property. The community of property was successfully dissolved in 2004.

In the abovementioned covenant, the applicant and Ms D had agreed to continue their joined ownership of the life insurance policy. In particular, there was first an obligation to share the value with each other upon payment and second Ms D had the obligation to reimburse the applicant annually for the subscription of the insurance.

A dispute arose in relation to ASR’s compliance with the GDPR obligations. Hence, the applicant will be referred to as the data subject and ASR will be referred to as data controller.

In particular, the data controller informed the data subject of the personal data kept on him by the data controller. However, the data subject believed that this information was inaccurate and incomplete. Therefore, the data subject initiated several procedures against the data controller.

The first four requests concern the right to inspection. Precisely, a request for full access of the data subject’s data kept by the data controller, based on article 15 GDPR. Moreover, a request for an overview of the contacts the data controller had with third parties, as well as a list of documents added to the data subject’s file on request of third parties. Finally, the data subject requested a copy of the complete file of his documents from either 2004 or 2016 onwards.

With his final three requests, the data subject asked the court to order the data controller to handle the agreement with the data subject in accordance with the GDPR, to delete all personal data of the data subject after proper termination of the agreement and to order a payment of the material and immaterial damages suffered by the improper implementation of the GDPR.

Holding

First, the Court acknowledged that the right to inspection under article 15 GDPR is not absolute or unlimited, but that its purpose is to enable the data subject to check if their personal data has been processed lawfully and in a correct manner. Moreover, the court acknowledged that an exception to this right are circumstances where it is impossible to fulfill this obligation adequately.

In addition, the court acknowledged that the principles of proportionality and subsidiarity must be complied in the recording of the personal data, as well as the maintaining of the data and subsequent changes. Moreover, the interference with personal data is only allowed for the purposes served by the processing, where the processing is the only possible way to achieve these purposes successfully.

In relation to the first request, the Court concluded that the information which was initially provided by the controller to the data subject was sufficient, meeting all the requirements in article 12 GDPR. Precisely, this information was provided in a clear and concise manner.

In relation to the fourth request, the Court concluded that the data controller was under no obligation to provide the data subject with the complete file. Precisely, in relation to the data subject’s medical personal data, the Court found that the data controller was right to inform the data subject of the medical adviser who had his personal data at disposal and concluded that this was done in a clear and concise manner. Therefore, the data controller did not breach the duty to inform.

In relation to the obligation to inform the data subject of the information submitted by Ms D, the Court found that the data controller was under no such obligation due to the circumstances of the case. In particular, the information submitted by Ms D was the divorce covenant. Therefore, it was reasonable of the controller to assume that the data subject had the divorce covenant at his disposal, which is why it was not necessary to inform him about this. For this argument, reference was made to article 14(5)(a) GDPR.

Moreover, the Court concluded that the data controller did not communicate the data subject's personal data to third parties, other than Ms D. Specifically, the Court found that this claim by the data subject was found on an unsound factual basis.

The court also concluded that the data controller had a sufficient and plausible legal basis to request information from Ms D for the purposes of arriving at a correct financial settlement.

In relation to a summary and transcripts of conducted (phone) conversations, emails and apps, the Court concluded that the data controller did not violate their obligation. To specify, the Court explained that according to article 15 GDPR, the data subject is only entitled to an inspection of the personal data in these email conversations relating to him. The data controller argued that after verification, such personal data was included in the information initially provided to the data subject before the proceeding in Court. The data subject did not sufficiently object to this.

Moreover, the Court noted that the possible internal notes in the data subjects’ file by the data controller’s employees also fall under the grounds of restriction under article 23 GDPR.

The court found two infringements by the data controller.

First, it found that the controller wrongfully disclosed the data subject’s email address and policy number to Ms D. Precisely, because the data subject did not consent to this, nor did the controller satisfy any on the grounds mentioned under article 6 GDPR. However, the Court concluded that an immediate notification sent to the data subject was not necessary under article 34 GDPR. In particular because the disclosed information did not represent a high risk to the data subject.

The second infringement concerns the processing of special personal data which was not in accordance with article 9 GDPR. Specifically, a reference was made to the data subject’s condition known as severe rheumatism. The Court concluded that the processing of this personal data constitutes a violation of the proportionality and subsidiarity principles.

In respect of the fifth question, the Court established that this is not a breach of the GDPR, but a dispute which should be solved under national civil law. Hence, the GDPR is not applicable.

In relation to the sixth question, the Court concluded that considering that the insurance still has not been settled, the personal data is still necessary for the purposes of the settlement. Hence, the data controller still has a legal basis for the processing of the data. However, once the dispute is settled, the data should be delighted in accordance with article 17 GDPR.

In relation to the 7th and final question, the Court gave a thorough analysis.

First, the Court confirmed that the GDPR and in particular article 82 provide a legal basis for compensation in procedures like the one at hand.

Second, the GDPR does not specify how (im)material damages should be determined and calculated, but leaves it up to all MS to decide this question due to the lack of common legislation. However, recital 146 states that the data controller should compensate the data subject in respect to all of the damages, while the concept of damages should be interpreted broadly in accordance with the CJEU’s case law.

The damages to be compensated must be real and certain. For the purposes of this case, the Court relied on article 6:95 et seq. of the Civil Code. The burden of proof was on the data subject.

In relation to immaterial damages, the data subject argued that he suffered a mental injury as a consequence of the disclosure of his information to Ms D. Furthermore, he argued that because of this mental injury he was forced to move to Spain. However, the Court found this claim is not sufficiently substined, and that the data subject failed to establish a causal connection.

In relation to the material damages, the data subject is seeking compensation for the move to Spain, medical and extrajudicial expenses. However, the Court found again that the data subject's arguments were not sufficient and that he failed to establish a connection between the costs and the data controller’s infringement.

The court ordered the data subject to pay the costs of the proceedings, which are assessed on the part of the data controller at a total amount of € 2,904 until the present judgment.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Dutch original. Please refer to the Dutch original for more details. 

COURT CENTRAL NETHERLANDS

Civil rights

Chamber of Commerce

location Utrecht

case number / application number: C/16/526196/ HA RK / 21-201

Order of 24 August 2022

regarding

Mr [applicant],

living in [town] ,

applicant,

lawyer mr. I. Brouwer,

against:

the limited liability company [respondent] N.V.,

established and having its office in [place of business] ,

defendant,

attorney mr. A. Holtland.

The parties are hereinafter referred to as [applicant] and ASR.

The Personal Data Protection Act is hereinafter referred to as WBP, the General Data Protection Regulation as AVG and the General Data Protection Regulation Implementation Act as UAVG.

1 The course of the procedure

1.1.

On August 11, 2021, [applicant] submitted a petition with exhibits to the registry of this court.

1.2.

A production was received from ASR on November 10, 2021.

1.3.

On January 20, 2022, [applicant] submitted a response to the exhibit sent by ASR, as well as an addition/amendment to the request, including exhibits.

1.4.

On 24 January 2022, ASR submitted a statement of defense with exhibits to the registry of this court.

1.5.

At the joint request of the parties, dated January 26, 2022, an oral hearing previously scheduled by the Registrar on January 31, 2022, for which the parties had been summoned, has been postponed.

1.6.

A further response with exhibits to the statement of defense was received from [applicant] on 31 May 2022.

1.7.

The clerk has summoned the parties to the court hearing on 7 June 2022. The oral hearing took place via video conference (Teams).

1.8.

The following appeared at the hearing of 7 June 2022:
- mr. Brouwer, lawyer mentioned above;
- mr. A. Holtland, lawyer mentioned above;
- Ms. [A] , [function] employed by ASR;
- Ms. [B] , [function] employed by ASR.

During the oral hearing, the parties further explained their positions, (the lawyer of) ASR also on the basis of a pleading note. A record has been kept of the proceedings at the hearing.

1.9.

Finally, judgment is determined to date.

2 Request and defence

2.1.

After amending the request, [applicant] - rendered succinctly - asks the court to:

- order ASR to:

1. to provide full insight into the processing of his personal data by ASR on the basis of Article 15 paragraph 1 GDPR;

2. to provide an overview of the contacts that ASR has had with third parties, including the ex-wife of [applicant] and with the intermediary Mrs [C], as well as to submit letters/e-mails sent by and to third parties in this file have been sent from 2016;

3. to provide an overview of documents that have been added to the file of [applicant] at the request of third parties (with the name of the third party and the date on which this was done);

4. provide a copy of the complete file from 2004, at least from 2016, at least to be determined by the court;

- order ASR to:

5. handling of the agreement with [applicant] in accordance with the protection of personal data, in particular GDPR/UAVG;

6. erase all personal data of [applicant] after proper termination of the agreement;

7. payment of the material and immaterial damage pursuant to Article 82 paragraph 1 AVG, as described in the petition, that [applicant] has suffered as a result of the breach by ASR of the Personal Data Protection Act (Wbp) and the AVG/UAVG ;

8. payment of legal costs.

2.2.

ASR has defended itself against the amended request of [applicant]. She concludes that it should be rejected.

2.3.

The arguments and defenses of the parties will be discussed in more detail below, insofar as relevant.

3 The Dispute

This case concerns the following

3.1.

[applicant] , who married [D] in community of property on [1974] , took out a life insurance policy (policy number [policy number 1] ) on 24 October 1981 with AMEV Levensverzekering N.V., hereinafter AMEV. The end date of this insurance was October 24, 2020. Before that, AMEV merged with ASR. For this reason, ASR must now be regarded as the policy provider. On this policy, [applicant] is designated as the first and [D] as the second insured. The intermediary/insurance advisor of [applicant] is [C].

3.2.

The marriage between [applicant] and [D] was converted into a registered partnership on [2004]. Subsequently, on [2004] they entered into a covenant to terminate the registered partnership and (partial) dissolution of the matrimonial property. This covenant was entered in the registers of civil status on [2004] and from that date the community of property existing between them was formally dissolved.

3.3.

In the aforementioned covenant, the parties have made a number of agreements regarding the division of the dissolved community of property. In Article 3.6. it states, insofar as relevant to this case, that [applicant] and [D] wish to retain joint ownership of the asset referred to below:

….

- the life insurance taken out with AMEV under policy number [policy number 1] under the obligation to share the value with each other upon payment and under the obligation of [D] to annually reimburse half of the premium paid to him by [applicant].

….

3.4.

A penetrating difference of opinion has arisen between [applicant] and ASR about the question to whom ASR should pay the released capital (more than € 10,000). In addition, a dispute has arisen between them about whether ASR - in short - has complied with its GDPR obligations.

3.5.

ASR has informed [applicant] by letter dated 28 June 2021, supplemented by letter dated 9 November 2021, about the personal data it has kept of him. [Applicant] is of the opinion that the overview provided is incorrect and incomplete and that ASR acted unlawfully in doing so. Correspondence on this issue has not led to an agreement. For that reason, [applicant] has started these proceedings against ASR.

4 The assessment

Right entrance.

4.1.

Articles 79 GDPR in conjunction with 35 UAVG entitle [applicant] to apply to the court with a request to obtain from ASR (as controller) a decision about and/or access to and/or deletion of the data processed in relation to him. personal data. Despite the fact that the six-week period as referred to in Article 35 paragraph 2 UAVG has been exceeded, [applicant] can be received in his request.

After all, ASR did not reply to [applicant] within the period referred to in Article 12 paragraph 3 GDPR, nor did it inform him that it wished to extend the aforementioned period (by two months).

The access request.

4.2.

General.

4.2.1.

The court states first and foremost that the right of inspection as referred to in Article 15 GDPR is not absolute or unlimited. Its purpose is that the data subject can properly check whether his or her personal data have been processed correctly and lawfully. Against this background, the data subject is in principle entitled to a complete overview, in an understandable form, of all processed personal data and not to (copies of) the original documents in which these have been processed. This is only different if the aforementioned obligation cannot be adequately complied with in any other way; all depending on the concrete circumstances of the case.

4.2.2.

The registration of personal data, and its enforcement in the event of subsequent changes in circumstances, must comply with the principles of proportionality and subsidiarity. The infringement of the interests of the person concerned by the processing of personal data may not be disproportionate to the purpose to be served with the processing (principle of proportionality). Furthermore, the purpose for which personal data are processed should not reasonably be achieved in another way that is less detrimental to the person involved in the processing of personal data (subsidiarity principle).

4.3.

Requests one through four.

4.3.1.

These requests relate to the right of inspection. In short, the dispute between the parties is whether ASR has fulfilled its inspection and information obligations as further described in the GDPR. In letters dated 28 June 2021 and 9 November 2021, ASR provided [applicant] with overviews of the personal data it processed from him. In her statement of defense and during the oral hearing (see the pleadings) she explained this in more detail. The objections put forward by [the applicant] against this are discussed below. Despite the fact that [applicant] had two insurance policies with ASR (a life insurance policy with policy number [policy number 1] and a term life insurance policy with policy number [policy number 2] ), the request for inspection focuses specifically on the life insurance policy, as it appears from the statements of [applicant].

4.3.2.

The exercise of [the applicant's] right of inspection in general.

The court finds that the information provided by ASR on June 28 and November 9, 2021 meets the requirements set by Article 12 GDPR. This was communicated to [applicant] in a concise, transparent, intelligible, easily accessible form and in clear and plain language. In accordance with settled case law on this point, ASR is not obliged to provide [applicant] with a copy of the complete file. In the opinion of the court, there is no question of a refusal by ASR to provide [applicant] with his medical personal data. Both on June 28 and November 9, 2021, and repeated at the hearing, ASR stated that it is not she, but her medical adviser who has these personal data. She has informed [applicant], stating the relevant e-mail address, about the way in which he can request this information. This does not lead to the conclusion that ASR has thereby violated its obligation to provide information. On the contrary, it indicates that ASR handles the medical personal data of [applicant] in the legally prescribed and (therefore) careful manner.

4.3.3.

The personal data of [applicant] provided/received to/from [D].

ASR processed the divorce agreement sent to her by [D], or at least parts thereof, in 2016 and 2020 and ASR in turn sent [D] the policy schedule of the life insurance policy. Contrary to what has been argued by [applicant], the court considers it sufficiently plausible that there is a legal basis for this and that the processing thereof must therefore in principle be regarded as lawful. After all, the content of the divorce settlement and the policy, viewed in mutual relation and cohesion, offered sufficient starting points for ASR to assume that processing thereof is necessary for the fulfillment of its legal obligation to settle the life insurance contract. It is true that only [applicant] and ASR are parties to this, but that does not alter the fact that [D] (under the covenant) may be financially co-entitled. For the sake of clarity: the (financial) settlement of the life insurance policy is not at stake in this procedure. This will be returned to later.

The circumstance that ASR could assume that [applicant] also had the divorce agreement, released it from the obligation to notify [applicant] thereof within one month after receipt of (parts of) the agreement by [D] in 2016 and 2020. In this context, reference is made to Article 14, paragraph 5 sub a GDPR.

The fact that this was different in 2016 under the WBP has not been argued by [applicant].

4.3.4

Has ASR provided personal data of [applicant] to an unknown third party?

[applicant] has stated that ASR has sent e-mails containing his personal data to an unknown third party ( [E] ). The court considers that this assertion is based on an unsound factual basis. It is sufficiently clear from the e-mails submitted that [D] uses the e-mail address: [E..] @ [...] .nl. That the aforementioned or other personal data of [applicant] were sent to persons other than [D] has not been stated or proven.

4.3.5.

Has ASR requested [D] to provide personal data of [applicant]?

In this regard, [applicant] referred to the email of 26 October 2020 (Appendix 6 statement of defence), which allegedly shows that ASR has asked [D] to provide a copy of [applicant]'s identification and the details of his bank account.

The court is of the opinion that this statement is based on an incorrect reading of the email in question. It follows unambiguously from the text that both [applicant] and [D] are separately requested to provide a number of (personal) data to ASR.

Contrary to what has been argued by [applicant], it is sufficiently plausible that ASR does indeed have a legal obligation to (also) request information from [D]. It did this with the aim of achieving a correct financial settlement of the life insurance policy.

4.3.6.

An overview and transcripts of (telephone) conversations, emails and apps.

ASR has put forward a motivated defense against this request from [applicant]. First of all, she stated that she never makes transcripts of (telephone) conversations and that no text messages were sent or received in [applicant]'s file. Although this was on his side, [applicant] has not contradicted this statement (with reasons), so that it must be assumed in law that it is correct. Subsequently, ASR acknowledged that telephone conversations and e-mails were sent or received in the file of [applicant]. She has added – rightly in the opinion of the court – that, pursuant to Article 15 GDPR, [the applicant] is only entitled to inspect the personal data concerning him, which appear in these (telephone) conversations and e-mails. ASR has stated that, after checking, it has included the personal data of [applicant] contained therein in the overviews of 28 June and 9 November 2021. The correctness of this statement has also not been contradicted by [applicant], at least with insufficient reasons.

Finally, it is noted that, although this part of the request does not explicitly mention this, the possible internal notes of employees in the file of [applicant] fall under (one of) the grounds for restriction of Articles 23 GDPR in conjunction with 41 UAVG.

4.3.7.

Breaches of GDPR by ASR.

It is not in dispute between the parties that ASR wrongly disclosed the email address of [applicant] and the policy number to his ex partner [D]. In the absence of permission from [applicant] or another processing ground referred to in Article 6 GDPR, this conduct of ASR must be qualified as unlawful. [applicant] also added that ASR also failed to immediately report the aforementioned infringement to [applicant] on the basis of the provisions of Article 34 GDPR. The court does not consider such an immediate notification necessary because it has not been sufficiently established that the mere (erroneous) provision of the email address of [applicant] to [D] entails a high risk for the rights and freedoms of [applicant] .

A second GDPR infringement concerns the fact that ASR has processed special personal data (originating from [D] ) of [applicant]. Reference is made to Exhibit 6 in the statement of defense in which it is stated that [applicant] has “very rheumatism”. This concerns a special category of personal data of [applicant] that may not be processed by ASR pursuant to Article 9 of the GDPR. It has not been argued or proven that one of the exceptions of paragraph 2 of the aforementioned article occurs. The court adds that when processing the aforementioned (special) personal data, ASR acted in violation of the proportionality and subsidiarity requirement as described in more detail in legal consideration 4.2.2. For the implementation of ASR's legal obligation, there was no need to provide the email address of [applicant] to [D], nor was it authorized to process the special personal data concerning the health of [applicant]. The above is all the more pressing now that ASR was aware that [the applicant] had an intermediary/insurance adviser ( [C] ). On the question of whether and, if so, to what extent both infringements give rise to the award of damages, legal consideration 4.5. in more detail.

The insurance dispute between [applicant] and ASR.

4.4.

The (amended) requests five and six.

4.4.1.

These requests relate to the conflict that has arisen between [applicant] and ASR regarding the settlement (read: payment) of the insurance policy. This is not a breach of the GDPR but a civil insurance dispute to be assessed and decided under national civil law. The AVG does not provide any basis and/or leads to substantively assess and decide on this dispute. For that reason, [the applicant] must be declared inadmissible in the fifth application. The same goes for the sixth request. As the insurance dispute between [applicant] and ASR has not yet been settled (finally), the legal basis for the processing of the personal data of [applicant] by ASR still exists. Only after settlement of the insurance policy in a financial sense will the situation arise that the personal data of [applicant] must be deleted at any time. The cases in which and the conditions under which this must take place are further described in Article 17 GDPR. If ASR does not comply with this (in time), [applicant] must first turn to ASR in order to provoke a decision as referred to in Article 35 UAVG. Only then is [applicant] free to turn to the court with a request to order ASR to erase the personal data it wishes.

The requested compensation.

4.5.

Seven the (amended) request.

4.5.1.

In this, [applicant] - in short - requested the court to order ASR to pay him material and immaterial damages as a result of the infringement that ASR committed against the WBP and GDPR.

4.5.2.

In the opinion of the court, unlike the settlement of the insurance dispute, the GDPR in Article 82 does indeed provide a direct basis for compensation in petition proceedings such as the present one. This is all the more pressing now that Article 284 Rv stipulates that the rules of evidence as laid down in Articles 149 to 207 apply mutatis mutandis to the application procedure. In addition, it is also appropriate from the point of view of effectiveness and procedural economy to “include” a request for compensation under Article 82 GDPR in these proceedings. The defense put forward by ASR that there is no room for a claim for damages in these petition proceedings must therefore be rejected.

4.5.3.

The GDPR does not specify how the (im)material damage must be determined and calculated. According to settled case law of the Court of Justice, in the absence of Community legislation, it is for the internal legal order of each Member State to lay down the rules for the exercise of the right to compensation, provided that the principles of equivalence and effectiveness are observed. However, recital 146 in the preamble to the GDPR should be taken into account. It states that the controller must compensate all damage and that the concept of damage must be interpreted broadly in the light of the case law of the Court of Justice; this in a manner that fully meets the objectives of the GDPR.

4.5.4.

Although the Austrian court has already submitted questions to the Court of Justice for a preliminary ruling, the Court has not yet explained the concept of damage or the compensable (im)material damage in the event of unlawful processing of personal data. It can be deduced from settled case law of the Court that the damage to be compensated must be real and certain. Against the background outlined above, the court will base its assessment of the compensation requested by [applicant] on national law; more specifically the provisions 6:95 et seq. of the Dutch Civil Code.

4.5.5.

The obligation to furnish proof and the burden of proof with regard to the alleged damage rests on [the applicant].

He has claimed an amount of € 50,000 for immaterial damage. For the substantiation of this, please refer to the petition (page 5) and the further responses on 20 January and 31 May 2022. ASR has put forward a motivated defense against this.

4.5.6.

In this regard, the following is considered.

For the disadvantage that does not consist of financial loss, [applicant] has argued that - in short - the disclosure of his personal data to [D] has led to serious mental injury for him, and therefore an impairment of the person. The court is of the opinion that [the applicant] has not fulfilled its obligation to furnish evidence on this point. First of all: although he has stated that he has moved to Spain because of this problem, this statement has not been substantiated in any way. In addition, [applicant] has failed to demonstrate that there is a causal connection between his alleged relocation in Spain and the disclosure of the email address of [applicant] and the insurance policy number. It has also not been established that the disclosure of the aforementioned personal data to [D] on the part of [applicant] led to an impairment of his person. Neither the statements of [applicant] nor the statement of his general practitioner [F] offer sufficient leads for the assumption that the provision of the aforementioned personal data by ASR to [D] has led or could have led to psychological damage according to objectively determined standards. or disorder in [applicant]. After all, it appears from the letter from the GP that [the applicant] had been familiar with rheumatoid arthritis and high blood pressure for many years. Of the other complaints listed by the GP (skin problems, memory problems, feelings of depression and recurrent urinary tract infections), it is (remains) unclear whether and, if so, to what extent they are (only) related to the provision of the email address of [applicant] and the policy number. of the insurance to [D]. And if any causal connection should be assumed between them, it does not meet the relatively high threshold of Article 6:106 sub b of the Dutch Civil Code. Finally, it is considered in this connection that the statement submitted by the cardiologist of the current partner of [applicant] cannot lead to a different opinion.

4.5.7.

[applicant]'s material claim for damages, which amounts to € 6,190.08, is further elaborated in the petition (pages 5 and 6). The alleged damage of [the applicant] can be divided into relocation, medical and extrajudicial costs. ASR has also put up a defense against the liability for this.

The court states first and foremost that compensation only qualifies for damage that is related to the event on which ASR's liability is based in such a way that it can be attributed to it as a result of this event, partly in view of the nature of the liability and of the damage. .

With regard to the relocation costs claimed, it has already been considered above that the relocation of [applicant] in Spain has not been established in court. But even if that were the case, there would still be no causal link between the personal data wrongly provided by ASR to [D] on the one hand and the stated need to move as a result on the other. Finally, it is also established that the costs associated with the alleged relocation have not been substantiated in any way. The same applies to medical and extrajudicial costs.

4.5.8.

The conclusion is that the claim for immaterial and material damage is ready for rejection. [applicant], as the predominantly unsuccessful party, must be ordered to pay the costs of the proceedings. The legal costs on the part of ASR are estimated at € 676 in court fees and € 2,228 in lawyer's salary. Since this has not been requested by ASR, the order for costs will not be declared provisionally enforceable.

5 The decision

The court

5.1.

declares [applicant] inadmissible in amended requests five and six;

5.2.

rejects amended requests one through four and seven through nine;

5.3.

orders [applicant] to pay the costs of these proceedings, which are estimated on the part of ASR up to this judgment at a total amount of € 2,904.

This decision was issued by J.M.P. Kings of Kings and pronounced in public on August 24, 2022.
Retrieved from "https://gdprhub.eu/index.php?title=Rb._Midden-Nederland_-_C/16/526196/_HA_RK_/_21-01&oldid=29803"
Creative Commons Attribution-NonCommercial-ShareAlike
Powered by MediaWiki