Rb. Midden-Nederland - UTR 20/268

From GDPRhub
Revision as of 06:56, 3 November 2021 by Gr (talk | contribs)
Rb. Midden-Nederland - UTR 20/268
Courts logo1.png
Court: Rb. Midden-Nederland (Netherlands)
Jurisdiction: Netherlands
Relevant Law: Article 4 GDPR
Article 12 GDPR
Article 15 GDPR
Decided: 12.01.2021
Published: 22.10.2021
Parties:
National Case Number/Name: UTR 20/268
European Case Law Identifier: ECLI:NL:RBMNE:2021:39
Appeal from:
Appeal to: n/a
Original Language(s): Dutch
Original Source: Rechtspraak.nl (in Dutch)
Initial Contributor: Anike Malherbe

English Summary

The court held that the scope of “personal data” includes a data subjects’ alias, as referred to in Article 15 GDPR (read in conjunction with Article 4 GDPR), but this is not the case for internal correspondence.

Facts

This matter concerns the claimant’s request for accesses to his personal data held and processed by the controller, which was partially provided. The claimant objected to the defendant’s decision to exclude further documents but this objection was dismissed.

The claimant argued that his request included information linked to his name, his alias, and internal correspondence between the defendant and its organisational unit (TOEFL) relating to the processing of his asylum application.

The claimant relied on Article 12 GDPR and Article 15(1) GDPR, and referred to a judgment of the Court of Appeal in The Hague (17 September 2019) and the Nowak judgment by the CJEU in support of his interpretation of the notion of personal data.

The controller maintained that this concepts' scope does not include their internal correspondence (as it does not fall within the formal definition), nor does it include the claimant’s alias (the judgment does not elaborate on the controller's reasoning for the latter stance). The controller referred to a 17 July 2014 decision by the CJEU in support of its argument on the access to correspondence.

Holding

The court turned to the definition contained in Article 4 GDPR to determine whether an alias forms part of one’s personal data in terms of Article 15 and subsequently declared the defendant’s understanding as incorrect. The court held that “[t]his alias was used by the claimant... and can therefore be directly linked to the claimant himself.” Hence, the scope of personal data includes someone's alias.

In its assessment of whether this is also the case for internal correspondence between the controller and TOELT, the court distinguished the present matter from the case law referred to by the claimant. It further notes that the 17 July 2014 judgment by the CJEU relied on by the controller predates the GDPR but maintains its relevance to the interpretation of the right of access and rectification.

The court considered the CJEU’s reasoning, that if the applicant’s right of access were to be extended to the legal analysis of the residence permit process, it would no longer serve the purpose of the GDPR and would ensure the applicant access to administrative documents, which the GDPR does not provide for. Thus, the internal correspondence between the Respondent and TOELT was excluded from the scope of the notion of personal data.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Dutch original. Please refer to the Dutch original for more details.