Autoriteit Persoonsgegevens – Court Ruling (Netherlands, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Dutch court ruled that the Minister of Finance did not respond quickly enough to a person's request for their personal data. This is significant because it shows that people have the right to access their information in a timely manner. Businesses should be aware that delays in responding to data requests can lead to legal challenges.
What happened
The court found that the Minister of Finance failed to comply with a request for personal data within the required time frame.
Who was affected
A former employee of the Minister of Finance who requested access to their personal data.
What the authority found
The court ruled that the Minister violated the GDPR by not responding to the data access request in a timely manner.
Why this matters
This case underscores the importance of timely responses to data access requests. Small businesses must ensure they have processes in place to handle such requests efficiently to avoid legal repercussions.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
On 20 December 2018, the data requested access to his personal data from his previous employer, the Minister of Finance. On 5 February 2019, he filed a complaint with the Dutch DPA (Autoriteit Persoonsgegevens) to take enforcement action against the Minister, because the Minister did not timely and fully comply with his access request. At the same time, he filed administrative appeal against the Minister’s failure to make a timely decision, and brought the issue before Court. On 9 April 2019, the Court acknowledged his claim and ordered the Minister to comply with the access request, which the Minister did on 1 May 2019. On 8 January 2021, the DPA rejected the data subject’s complaint for enforcement against the Minister, for two reasons. First, because the Court had already ruled that the decision had not been made within due time, the DPA would not have to rule anymore whether or not the decision had been made timely. Second, regarding the question whether or not the request had been fully complied with, the DPA considered that this would require further investigation. However, the alleged infringement was not considered to be harmful enough, according to the DPA’s own "Policy Rules on Prioritising AP Complaints Investigation", and therefore did not handle the complaint. According to the data subject, the Court’s judgement proves that the Minister violated the GDPR and the DPA therefore had to take enforcement action. Hence, he appealed to the DPA’s rejection of his complaint, before Court and claimed that the DPA should issue a fine against the Minister. Moreover, he requested to be compensated for immaterial damages. The District Court Amsterdam rejected the claim. First, it considered that the DPA has limited resources and receives tens of thousands complaints every year. Hence, the DPA has to consider which complaints they handle, and which complaints have a higher priority to be dealt with. The Court found that it follows from Article 57(1)(f) GDPR that the
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (10)
Other cases involving Autoriteit Persoonsgegevens in NL
Court Ruling
Details
About this data
Cite as: Cookie Fines. Autoriteit Persoonsgegevens - Netherlands (2022). Retrieved from cookiefines.eu
Last updated: