Rb. Noord-Nederland - LEE 22/1758
From GDPRhub
| Rb. Noord-Nederland - LEE 22/1758 | |
|---|---|
 | |
| Court: | Rb. Noord-Nederland (Netherlands) |
| Jurisdiction: | Netherlands |
| Relevant Law: | Article 15 GDPR |
| Decided: | 24.11.2022 |
| Published: | 02.12.2022 |
| Parties: | |
| National Case Number/Name: | LEE 22/1758 |
| European Case Law Identifier: | ECLI:NL:RBNNE:2022:4502 |
| Appeal from: | |
| Appeal to: | Unknown |
| Original Language(s): | Dutch |
| Original Source: | de Rechtspraak (in Dutch) |
| Initial Contributor: | n/a |
A Dutch Court held that the data subject must prove the existence of further data than those provided by the controller following an access request.
English Summary
Facts
A data subject received a letter from the Dutch Ministry of Finance (controller) stating that they (the data subject) had been included in the Fraud Identification Facility (FSV), a filing system used by the controller.
In the letter the controller elaborated further that the FVS did no longer exist and informed the data subject of the possibility to access their data as well as the possibility of them having suffered damages due to inclusion in the FSV.
The data subject filed an access request with the FSV.
On 19 October 2022 the controller answered to the data subject’s request, providing an overview of all their personal data contained in the FSV in accordance with Article 15 GDPR.
The data subject considered this answer as incomplete and appealed this decision stating that they want to know the reason for being included in the FSV as well as that they have suffered damages from being wrongly included.
In its defence, the controller stated that the platform did no longer exist, it was therefore not possible to find out how the information ended up in the system.
Holding
The court held that the data subject had to prove the existence of further information than what was included in the answer to the access request. In this case, the data subject did not sufficiently demonstrated the existence of further personal data than provided by the controller.
The court found the appeal to be unfounded.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Dutch original. Please refer to the Dutch original for more details.
Pronunciation COURT NORTHERN NETHERLANDS Groningen seat Administrative law case number: LEE 22/1758 judgment of the single-judge chamber of 24 November 2022 in the case between [plaintiff], from [place], plaintiff (authorised: [authorised 1]), and The Minister of Finance (the Minister) (Agents: [Authorized Agent 2] and [Authorized Agent 3]). Introduction 1. In this judgment, the court assesses the plaintiff's appeal against the decision on the plaintiff's request for inspection of the Fraud Identification Facility (FSV). The Minister has interpreted this request as a request for information under the General Data Protection Regulation (GDPR). He granted the request in the primary decision and provided the claimant with an overview of his personal data contained in the FSV. 1.1. Plaintiff appealed against this decision. He wants to know why he was included in the FSV. Moreover, he believes that he suffered damage because he was wrongly included in the FSV. In the contested decision of 19 April 2022, the Minister indicated that he does not have more information than he has already provided. 1.2. The Minister responded to the appeal with a statement of defence. The court asked the plaintiff for a written response to the defence. Plaintiff has responded. 1.3. The court heard the appeal on October 28, 2022. Participated in this: the plaintiff, the plaintiff's authorized representative and the Minister's authorized representatives. Review by the court 2. The court assesses the access granted by the Minister. It does so on the basis of the grounds of appeal of the plaintiff. 3. The court is of the opinion that the appeal is unfounded. The court explains below how it arrived at this judgment and the consequences of this judgment. 4. The court takes into account the following facts and circumstances in its judgment. 4.1. Plaintiff received a letter from the Minister stating that he had been included in the FSV. This letter also stated that the FSV is no longer in use, because its use did not comply with the GDPR. In the letter, the claimant was further informed of the possibility of accessing the personal data contained in the FSV. And on the possibility to report that he has suffered damage due to inclusion in the FSV. Plaintiff requested access to his data and filed a damage report. What is this case about? 5. The claimant received a decision on his request for inspection, against which he has lodged an objection. This appeal is only about the Minister's decision on that notice of objection, about the access granted to the claimant to his data included in the FSV. The question whether or not the defendant (at the time) acted unlawfully by including the plaintiff's personal data in the FSV is therefore not open to answer. Therefore, it cannot be discussed to what extent the plaintiff suffered damage as a result of this (alleged unlawful) act. The case file does show that the Ministry is working on a compensation scheme for those cases in which the registration in the FSV has had adverse consequences. The claimant has already made such a request for compensation. The defendant has promised to take a separate decision on this request from the plaintiff as soon as there is more clarity about the compensation policy. The claimant may contest the outcome of this in other proceedings. Has the Minister provided sufficient information? 6. Plaintiff has argued that he wants to know how he got on the list. He also thinks that there should be more information than the Minister has provided him. He suspects that there has been a mistaken identity. 7. In the primary decision, pursuant to Article 15 of the GDPR, the Minister provided (among other things) an overview stating which of the claimant's personal data have been processed in the FSV. The data has been taken from the so-called PIT Diary, the predecessor of the FSV. The Minister has indicated that it is no longer possible to find out how the signal ended up in the PIT Diary at the time, because this list no longer exists. In the contested decision, the Minister considered that the claimant's request to provide more information from the FSV cannot be met because that information is not available. 8. The defendant could have assumed that the plaintiff has requested access to his data in the FSV pursuant to Article 15 of the GDPR. The right of inspection of Article 15 of the GDPR is intended to inspect the (own) personal data of natural persons and to check whether these are correct. Those who state that there should be more personal data will have to make this plausible, if the administrative body has conducted an investigation into that data and has not implausibly stated that there are no more personal data. 9. In the opinion of the court, the plaintiff has not sufficiently demonstrated that there are more personal data than the defendant has provided. The Respondent has therefore complied with the right of access laid down in Article 15 of the GDPR. Plaintiffs merely suspecting that more information should be available is not sufficient to rule otherwise. The court has no reason to doubt the statements made by the defendant in this regard. At the hearing it turned out that - after the contested decision - parts of the PIT Diary were still found. However, this finding does not mean that the contested decision was incorrect, because this information only became available after the contested decision. In addition, this information does not relate to the FSV, which the claimant has requested to inspect. Moreover, the defendant credibly argued that the PIT Diary does not contain more information than the plaintiff has already received from the FSV. The Minister also promised at the hearing that the claimant would receive a copy of his data in the PIT Diary. 10. Plaintiff's position that there has been a mistaken identity can also not lead to the conclusion that the Minister has provided too little information. Pursuant to the GDPR, the Minister only has to provide access to the applicant's own personal data. As considered above, the Minister has done that sufficiently. 11. The ground of appeal fails. Conclusion and consequences The appeal is unfounded. That means that the plaintiff is not right. Therefore, the plaintiff will not be refunded the court fee. He will also not be reimbursed for his legal costs. Decision The court declares the appeal unfounded. This ruling was made by mr. L. Willems-Keekstra, judge, in the presence of Mr. A.P. Voorham, Registrar. The verdict was pronounced in public on November 24, 2022. clerk right A copy of this judgment has been sent to the parties at: Information on appeal A party that disagrees with this ruling can send a notice of appeal to the Administrative Jurisdiction Division of the Council of State explaining why this party disagrees with this ruling. The notice of appeal must be submitted within six weeks of the day on which this judgment was sent. If the petitioner cannot await the hearing of the appeal because the case is urgent, the petitioner can ask the preliminary relief judge of the Administrative Jurisdiction Division of the Council of State to order a provisional measure (a temporary measure).
