Rabobank – Court Ruling (Netherlands, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Rabobank faced a court ruling after a customer asked to remove a negative credit registration. The court decided that the bank had valid reasons to keep the registration for five years. This ruling highlights the importance of understanding how long negative credit information can stay on your record.
What happened
Rabobank refused a customer's request to remove a negative credit registration before the five-year period was up.
Who was affected
The customer who had a negative credit registration due to unpaid loans.
What the authority found
The court ruled that the customer did not have sufficient grounds to override the bank's legitimate interest in keeping the registration.
Why this matters
This case shows that banks can maintain negative credit records for a set period, which can impact customers' ability to secure loans. Small business owners should be aware of how credit registrations work and the timelines involved.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
Rabobank (the controller) provided a business loan of €86,000 to the data subject in 2008. In 2014, the controller terminated their financial relationship with the data subject, as the data subject was unable to meet payments on time and had exceeded their credit limit. In 2015, the data subject negotiated a new payment plan with the controller, but they were unable to maintain this. In September 2022, the data subject reached a new agreement with the controller, where the data subject paid €27,375 to the controller and the controller wrote off the remaining debt. On 6 October 2022, the controller formally waived their remaining claim against the data subject and the controller negatively registered the data subject in the national Credit Information System (CKI). Under domestic regulations, the data subject's negative registration could only be removed after five years by the controller, on 6 October 2027. On 6 February 2023 and 27 February 2023, the data subject requested the controller to remove his negative registration from the system so that he could purchase a commercial property. In response to both requests, the controller refused, noting that there were no compelling grounds to shorten the five year registration period. Following the controller's refusals, the data subject filed a claim with the District Court of Amsterdam, requesting that his negative registration be removed (erasure request). One of the grounds to exercise the right of erasure is an Article 21(1) GDPR objection to processing, where there are no overriding legitimate grounds for the processing (Article 17(1)(c) GDPR). Consequently, the Court considered the data subject's claim on the basis of Article 21(1) GDPR. The Court refused to enforce the data subject's request, as they found that the data subject had no overriding interests, rights or freedoms against the legitimate interests of the controller under Article 21(1) GDPR. The controller used Article 6(1)(f) GDPR as a legal ba
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (1)
Other cases involving Rabobank in NL
Details
About this data
Cite as: Cookie Fines. Rabobank - Netherlands (2023). Retrieved from cookiefines.eu
Last updated: