Rb. Midden-Nederland - UTR 20/268

From GDPRhub
Revision as of 15:58, 5 November 2021 by SL (talk | contribs) (→‎changed TOEFL to TOELT)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Rb. Midden-Nederland - UTR 20/268
Courts logo1.png
Court: Rb. Midden-Nederland (Netherlands)
Jurisdiction: Netherlands
Relevant Law: Article 4 GDPR
Article 12 GDPR
Article 15 GDPR
Decided: 12.01.2021
Published: 22.10.2021
Parties:
National Case Number/Name: UTR 20/268
European Case Law Identifier: ECLI:NL:RBMNE:2021:39
Appeal from:
Appeal to: n/a
Original Language(s): Dutch
Original Source: Rechtspraak.nl (in Dutch)
Initial Contributor: Anike Malherbe

The District Court of Midden-Nederland held that the definition of “personal data” generally includes a data subjects’ alias, but that this did not apply to internal correspondence between the complainant and their organisational unit in the context of the processing of their asylum application.

English Summary[edit | edit source]

Facts[edit | edit source]

This matter concerns a claimant’s access request which was only partially addressed. The data subject objected to the controller’s decision and argued that his request should have included information linked to his name, his alias, and internal correspondence between the defendant and its organisational unit (TOELT) relating to the processing of his asylum application.

On the one side, the complainant relied on Article 12 GDPR and Article 15(1) GDPR, and referred to a judgment of the Court of Appeal in The Hague and the Nowak judgment by the CJEU in support of his interpretation of the notion of personal data. The controller, on the other side, maintained that the definition of personal data does not include internal correspondence nor the claimant’s alias.

Holding[edit | edit source]

The court turned to the definition contained in Article 4 GDPR to determine whether an alias forms part of one’s personal data and declared the controller’s understanding as incorrect. The court held that “[t]his alias was used by the claimant... and can therefore be directly linked to the claimant himself.” Hence, the scope of personal data includes someone's alias.

In its assessment of whether this was also the case for internal correspondence between the controller and TOELT, the court distinguished the present matter from the case law referred to by the complainant. It further noted that a CJEU judgment relied on by the controller predates the GDPR but maintains its relevance to the interpretation of the right of access and rectification.

The court considered the CJEU’s reasoning, that if the applicant’s right of access were to be extended to the legal analysis of the residence permit process, it would no longer serve the purpose of the GDPR and would ensure the applicant access to administrative documents, which the GDPR does not provide for. Thus, the internal correspondence between the controller and TOELT was excluded from the scope of the notion of personal data.

Comment[edit | edit source]

Share your comments here!

Further Resources[edit | edit source]

Share blogs or news articles here!

English Machine Translation of the Decision[edit | edit source]

The decision below is a machine translation of the Dutch original. Please refer to the Dutch original for more details.