Rb. Midden-Nederland - UTR 20/268: Difference between revisions

From GDPRhub
No edit summary
 
(10 intermediate revisions by 3 users not shown)
Line 19: Line 19:
|Year=2021
|Year=2021


|GDPR_Article_1=Article 4 GDPR
|GDPR_Article_Link_1=Article 4 GDPR
|GDPR_Article_2=Article 12 GDPR
|GDPR_Article_Link_2=Article 12 GDPR
|GDPR_Article_3=Article 15 GDPR
|GDPR_Article_Link_3=Article 15 GDPR


|National_Law_Name_1=Article 12 General Administrative Law Act (AVG)
|National_Law_Link_1=
|National_Law_Name_2=Article 15 General Administrative Law Act (AVG)
|National_Law_Link_2=
|National_Law_Name_3=Article 4 General Administrative Law Act (AVG)
|National_Law_Link_3=


|Party_Name_1=
|Party_Name_1=
Line 41: Line 40:
|Appeal_From_Body=
|Appeal_From_Body=
|Appeal_From_Case_Number_Name=
|Appeal_From_Case_Number_Name=
|Appeal_From_Status=
|Appeal_From_Status=n/a
|Appeal_From_Link=
|Appeal_From_Link=
|Appeal_To_Body=
|Appeal_To_Body=
|Appeal_To_Case_Number_Name=
|Appeal_To_Case_Number_Name=
|Appeal_To_Status=Unknown
|Appeal_To_Status=n/a
|Appeal_To_Link=
|Appeal_To_Link=


Line 51: Line 50:
|
|
}}
}}
The District Court of Midden-Nederland held that the definition of “personal data” generally includes a data subjects’ alias, but that this did not apply to internal correspondence between the complainant and their organisational unit in the context of the processing of their asylum application.


== English Summary ==
==English Summary==
The court held that the scope of “personal data” includes a data subjects’ alias, as referred to in Article 15 GDPR (read in conjunction with Article 4 GDPR), but this is not the case for internal correspondence.
=== Facts===
 
This matter concerns a claimant’s access request which was only partially addressed. The data subject objected to the controller’s decision and argued that his request should have included information linked to his name, his alias, and internal correspondence between the defendant and its organisational unit (TOELT) relating to the processing of his asylum application.  
=== Facts ===
This matter concerns the claimant’s request for accesses to his personal data held and processed by the defendant, which was partially provided. The claimant objected to the defendant’s decision to exclude further documents but this objection was dismissed.
 
The claimant argued that his request included information linked to his name, his alias, and internal correspondence between the defendant and its organisational unit (TOEFL) relating to the processing of his asylum application.
 
The claimant relied on [[Article 12 GDPR]] and <nowiki>[[Article 15 GDPR#1]]</nowiki> and referred to a judgment of [https://uitspraken.rechtspraak.nl/inziendocument?id=ECLI:NL:GHDHA:2019:2398 the Court of Appeal in The Hague (17 September 2019)] and the [[CJEU - C-434/16 - Peter Nowak|Nowak judgment by the CJEU]] in support of his interpretation of the notion of personal data.  


The Defendant maintains that this concepts' scope does not include their internal correspondence (as it does not fall within the formal definition), nor does it include the claimant’s alias (the judgment does not elaborate on the defendant’s reasoning for the latter stance). The Defendant referred to a 17 July 2014 decision by the CJEU in support of its argument on the access to correspondence.
On the one side, the complainant relied on [[Article 12 GDPR]] and [[Article 15 GDPR#1|Article 15(1) GDPR]], and referred to a judgment of [https://uitspraken.rechtspraak.nl/inziendocument?id=ECLI:NL:GHDHA:2019:2398 the Court of Appeal in The Hague]  and the [[CJEU - C-434/16 - Peter Nowak|Nowak judgment by the CJEU]] in support of his interpretation of the notion of personal data. The controller, on the other side, maintained that the definition of personal data does not include internal correspondence nor the claimant’s alias.  


=== Holding ===
===Holding===
In determining whether an alias forms part of one’s “personal data” in terms of Article 15(1) AVG the court turned to the definition contained in Article 4 of the AVG and subsequently declares the Defendant’s understanding as incorrect. The court holds that “[t]his alias was used by the claimant... and can therefore be directly linked to the claimant himself.”
The court turned to the definition contained in [[Article 4 GDPR]] to determine whether an alias forms part of one’s personal data and declared the controller’s understanding as incorrect. The court held that ''“[t]his alias was used by the claimant... and can therefore be directly linked to the claimant himself.''Hence, the scope of personal data includes someone's alias.  
In its assessment of whether the correspondence between the Defendant and TOELT should be included under the above-mentioned definition, the court distinguishes the present matter from the case law referred to by the Claimant. It further notes that the 17 July 2014 judgment by the CJEU relied on by the Defendant predates the AVG but maintains its relevance to the interpretation of the right of access and correction provided for in the AVG. The court considered the CJEU’s reasoning that if the applicant’s right of inspection were to be extended to the legal analysis of the residence permit process it will no longer serve the purpose of the Data Protection Directive (and the AVG) and would ensure the applicant access to administrative documents, which the Data Protection Directive (and the AVG) does not provide for. Thus, the correspondence between the Respondent and TOELT was excluded from the scope of the definition as “[i]t is internal correspondence, which, like a legal analysis, should not be checked for accuracy by the Claimant...”


In its assessment of whether this was also the case for internal correspondence between the controller and TOELT, the court distinguished the present matter from the case law referred to by the complainant. It further noted that a CJEU judgment relied on by the controller predates the GDPR but maintains its relevance to the interpretation of the right of access and rectification.


== Comment ==
The court considered the CJEU’s reasoning, that if the applicant’s right of access were to be extended to the legal analysis of the residence permit process, it would no longer serve the purpose of the GDPR and would ensure the applicant access to administrative documents, which the GDPR does not provide for. Thus, the internal correspondence between the controller and TOELT was excluded from the scope of the notion of personal data.
==Comment==
''Share your comments here!''
''Share your comments here!''


== Further Resources ==
==Further Resources==
''Share blogs or news articles here!''
''Share blogs or news articles here!''


== English Machine Translation of the Decision ==
==English Machine Translation of the Decision==
The decision below is a machine translation of the Dutch original. Please refer to the Dutch original for more details.
The decision below is a machine translation of the Dutch original. Please refer to the Dutch original for more details.



Latest revision as of 15:58, 5 November 2021

Rb. Midden-Nederland - UTR 20/268
Courts logo1.png
Court: Rb. Midden-Nederland (Netherlands)
Jurisdiction: Netherlands
Relevant Law: Article 4 GDPR
Article 12 GDPR
Article 15 GDPR
Decided: 12.01.2021
Published: 22.10.2021
Parties:
National Case Number/Name: UTR 20/268
European Case Law Identifier: ECLI:NL:RBMNE:2021:39
Appeal from:
Appeal to: n/a
Original Language(s): Dutch
Original Source: Rechtspraak.nl (in Dutch)
Initial Contributor: Anike Malherbe

The District Court of Midden-Nederland held that the definition of “personal data” generally includes a data subjects’ alias, but that this did not apply to internal correspondence between the complainant and their organisational unit in the context of the processing of their asylum application.

English Summary

Facts

This matter concerns a claimant’s access request which was only partially addressed. The data subject objected to the controller’s decision and argued that his request should have included information linked to his name, his alias, and internal correspondence between the defendant and its organisational unit (TOELT) relating to the processing of his asylum application.

On the one side, the complainant relied on Article 12 GDPR and Article 15(1) GDPR, and referred to a judgment of the Court of Appeal in The Hague and the Nowak judgment by the CJEU in support of his interpretation of the notion of personal data. The controller, on the other side, maintained that the definition of personal data does not include internal correspondence nor the claimant’s alias.

Holding

The court turned to the definition contained in Article 4 GDPR to determine whether an alias forms part of one’s personal data and declared the controller’s understanding as incorrect. The court held that “[t]his alias was used by the claimant... and can therefore be directly linked to the claimant himself.” Hence, the scope of personal data includes someone's alias.

In its assessment of whether this was also the case for internal correspondence between the controller and TOELT, the court distinguished the present matter from the case law referred to by the complainant. It further noted that a CJEU judgment relied on by the controller predates the GDPR but maintains its relevance to the interpretation of the right of access and rectification.

The court considered the CJEU’s reasoning, that if the applicant’s right of access were to be extended to the legal analysis of the residence permit process, it would no longer serve the purpose of the GDPR and would ensure the applicant access to administrative documents, which the GDPR does not provide for. Thus, the internal correspondence between the controller and TOELT was excluded from the scope of the notion of personal data.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Dutch original. Please refer to the Dutch original for more details.