Rb. Overijssel - 9965129 \ CV EXPL 22-2279: Difference between revisions
From GDPRhub
mNo edit summary |
(Updated summary) |
||
| Line 64: | Line 64: | ||
}} | }} | ||
A district court held that a former employee has the right to oversee the erasure of data from her work laptop to prevent access to her personal data, but also that the employer has the right to prevent the former employee from getting access to business-sensitive information and the personal data of other employees. | |||
== English Summary == | == English Summary == | ||
=== Facts === | === Facts === | ||
The employee (data subject) had received a laptop for | The employee (data subject) had received a work laptop for her employment. After the employment period had ended, the employer (controller) had blocked her access to the laptop and requested the laptop back as it is still in the data subject’s possession. | ||
The data subject is not opposed to returning the laptop, but wants to be able to delete her personal data before doing so and invoked her right to protection of her privacy. The controller did not consider this a reasonable demand, because (1) the laptop was meant to be used for business purposes only, and (2) the access to the laptop would imply access to their confidential business environment. As a result, the controller also invoked the protection of privacy-sensitive information of the company for which they are responsible. | |||
=== Holding === | === Holding === | ||
The Court | The District Court of Overijssel managed the case. The Court concluded that both claims are partly admissible. The controller’s claim is not fully admissible, because they did not dispute that the laptop contains privacy-sensitive data. The fact that the data subject was not allowed to put these data on the laptop does not change this. The data is on the laptop and is privacy-sensitive within the meaning of the GDPR. Therefore, the data subject has a point when she says that they should not be made available to the former employer. | ||
On the other hand, the data subject’s counterclaim is also not fully admissible, because granting access to the laptop would mean that the data subject could get access to the controller’s digital business environment. That could result in her gaining access to controller’s business data which could also be privacy-sensitive within the meaning of the GDPR. | |||
Therefore, the solution lies in the middle. The solution provided in this case is that the laptop will be taken to the controller and that someone other than the data subject or controller will erase the laptop so that the confidential data will be removed. The data subject may be present during this process. | |||
== Comment == | == Comment == | ||
''Share your comments here!'' | ''Share your comments here!'' | ||
Revision as of 06:00, 23 August 2022
| Rb. Overijssel - 9965129 \ CV EXPL 22-2279 | |
|---|---|
 | |
| Court: | Rb. Overijssel (Netherlands) |
| Jurisdiction: | Netherlands |
| Relevant Law: | Article 4(1) GDPR Article 17 GDPR |
| Decided: | 18.07.2022 |
| Published: | 17.08.2022 |
| Parties: | Stichting Eega Plus |
| National Case Number/Name: | 9965129 \ CV EXPL 22-2279 |
| European Case Law Identifier: | ECLI:NL:RBOVE:2022:2365 |
| Appeal from: | |
| Appeal to: | Not appealed |
| Original Language(s): | Dutch |
| Original Source: | Rechtspraak (in Dutch) |
| Initial Contributor: | Eva Lu |
A district court held that a former employee has the right to oversee the erasure of data from her work laptop to prevent access to her personal data, but also that the employer has the right to prevent the former employee from getting access to business-sensitive information and the personal data of other employees.
English Summary
Facts
The employee (data subject) had received a work laptop for her employment. After the employment period had ended, the employer (controller) had blocked her access to the laptop and requested the laptop back as it is still in the data subject’s possession.
The data subject is not opposed to returning the laptop, but wants to be able to delete her personal data before doing so and invoked her right to protection of her privacy. The controller did not consider this a reasonable demand, because (1) the laptop was meant to be used for business purposes only, and (2) the access to the laptop would imply access to their confidential business environment. As a result, the controller also invoked the protection of privacy-sensitive information of the company for which they are responsible.
Holding
The District Court of Overijssel managed the case. The Court concluded that both claims are partly admissible. The controller’s claim is not fully admissible, because they did not dispute that the laptop contains privacy-sensitive data. The fact that the data subject was not allowed to put these data on the laptop does not change this. The data is on the laptop and is privacy-sensitive within the meaning of the GDPR. Therefore, the data subject has a point when she says that they should not be made available to the former employer.
On the other hand, the data subject’s counterclaim is also not fully admissible, because granting access to the laptop would mean that the data subject could get access to the controller’s digital business environment. That could result in her gaining access to controller’s business data which could also be privacy-sensitive within the meaning of the GDPR.
Therefore, the solution lies in the middle. The solution provided in this case is that the laptop will be taken to the controller and that someone other than the data subject or controller will erase the laptop so that the confidential data will be removed. The data subject may be present during this process.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Dutch original. Please refer to the Dutch original for more details.
COURT OVERIJSSEL Team canton and commercial law Seating place Zwolle Case number : 9965129 \ CV EXPL 22-2279 PROCEDURE REPORT of the session of the subdistrict court held in Zwolle on 18 July 2022 in the summary proceedings of: the EEGA PLUS FOUNDATION, with its registered office and principal place of business in Deventer, claimant, hereinafter referred to as Eega, authorized representative: mr. H. den Besten against [defendant] , residing at [residence] , the defendant, hereinafter referred to as [defendant], authorized representative: mr. E. Baldan Kaya The oral hearing took place on 18 July 2022. Nowadays: - mr. A.M. Koene, district judge - drs. A. Panjer-Hartman, clerk After the case was declared: - Eega, represented by [A] (director/director of the foundation) and [B] (operational director), assisted by mr. den Besten; - [defendant] , in person, assisted by mr. Baldan Kaya. The Subdistrict Court determines that both parties have appeared. After the oral hearing, the subdistrict court judge delivered an oral decision at the hearing. 1 The decision in summary proceedings The subdistrict court judge: In convention and in counterclaim 1.1. orders the parties to cooperate with the hard disk of the laptop being erased within four weeks of today at the offices of Eega by an IT employee of Eega in the presence of [defendant]; 1.2. orders [defendant] to then leave the laptop with accessories (mouse and battery charger) at Eega; 1.3. declares these orders provisionally enforceable; 1.4. determines that each party bears its own costs; 1.5. rejects what has been advanced more or otherwise. 2 The grounds of the decision In convention and in counterclaim 2.1. There was an employment contract between Eega as employer and [defendant] as employee and that employment contract has since been terminated. [defendant] has received a laptop on loan from Eega for that employment. She still has that laptop. Eega has blocked access to the laptop. 2.2. Eega wants the laptop back and has filed a claim (the claim in the main proceedings) for this purpose in summary proceedings. Eega demands that the laptop be handed over on pain of a penalty. [defendant] does not oppose returning the device, but she first wants access to the laptop in order to be able to delete her own data. She invokes privacy with regard to that data. In this connection, [defendant] has filed a counterclaim (a counterclaim) to enforce, on pain of a penalty, that she is given the opportunity to remove her private data from the laptop. 2.3. Eega does not consider the latter a reasonable requirement for the following reasons. Firstly, Eega argues that the laptop could only be used for business purposes and that the laptop was therefore not intended for storing private data. Secondly, Eega argues that access to the laptop also means access to her confidential business environment. In that respect, Eega also appeals to the protection of privacy-sensitive information. 2.4. Both parties have upheld their claims and are seeking judgment. 2.5. The subdistrict court judge comes to the conclusion that the lesser of the claims can be awarded in both the main action and the counterclaim. This means that both parties are partly in the right. This judgment is based on the motivation below. 2.6. Eega's claim cannot be fully granted, because Eega has not disputed that privacy-sensitive data of [defendant] is located on the laptop. The fact that [defendant] may not have been allowed to put this information on it does not change that. The data is on the laptop and it is privacy-sensitive data within the meaning of the GDPR. [Defendant] therefore has a point when she says that these may not be made available to the former employer. 2.7. On the other hand, the counterclaim of [defendant] is also not fully allowable. That is because granting access to the laptop would mean that [defendant] gains access to Eega's digital business environment. And that can lead to her gaining access to Eega company data that are privacy sensitive within the meaning of the GDPR and for which Eega is responsible. 2.8. The Subdistrict Court is therefore of the opinion that the solution lies in the middle. That solution boils down to the practical proposal that [A] made during the oral hearing, shortly before the suspension, and which was also accepted by [defendant]. That proposal means that the laptop is brought to Eega and that the laptop is cleaned there by someone from Eega, who is not [A] or [B], so that the confidential data of [defendant] is removed. [defendant] may be present. 2.9. This means that both parties are in the right (or, as you prefer: wrong) and this means that each party bears its own costs (compensation of costs). Moreover, the subdistrict court was unable to establish that the fact that the parties have become involved in the present preliminary relief proceedings is mainly due to one or the other. This oral statement was made by mr. A.M. Koene, Subdistrict Court, and pronounced in public on July 18, 2022. of which official report, the cantonal judge
