Claimant – Court Ruling (Netherlands, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Dutch court ruled that a municipality did not violate privacy rules when it published personal data online. The court found that the municipality had the right to share this information under public transparency laws. This decision highlights the balance between privacy and public interest in information sharing.
What happened
The municipality of Utrecht published personal data online, including addresses, which led to a complaint.
Who was affected
The person whose data was published, along with his neighbors, was affected by this decision.
What the authority found
The court decided that the municipality acted within its rights under public transparency laws and did not need a separate GDPR investigation.
Why this matters
This case shows that courts may prioritize public interest over individual privacy in certain situations. Website operators should be aware of how public information can be shared legally.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
The data subject filed an access request for their personal data related to a legal dispute. The municipality of Utrecht ("controller") published the data online, including the addresses of the data subject and his neighbours. The data subject lodged a complaint with the Dutch Data Protection Authority (AP) on 24 July 2021. Following the complaint, the controller removed some of the personal data, making the infringement of privacy minor. The AP concluded that there was no violation of the GDPR and emphasized that the controller had discretion under Article 5(1) of the Woo (Wet open overheid) to disclose information contained in public documents. The data subject appealed the AP's decision on both procedural and substantive grounds. While the initial claim concerned the AP’s failure to decide on time, he also raised legal arguments, including that the authority had not investigated sufficiently, that the publication of address data violated the GDPR, and that the AP should have conducted an independent GDPR assessment separate from the Woo framework. The appeal was found manifestly inadmissible, and the court issued its judgment without a hearing. The court pointed out that the matter at hand had already been decided in a previous judgment (ECLI:NL:RBMNE:2023:6538). That case, decided under the Woo, had already balanced privacy interests against the public interest in transparency, concluding that disclosure of the address data was lawful. In the present case, the court declined to re-examine the issue because the data subject requested the same balancing to be repeated under the GDPR, without introducing any new facts or legal grounds. As the Woo is recognised as applicable national law under Article 86 GDPR, the previous assessment sufficed. The AP was therefore entitled to rely on the prior Woo-based judgments, and no separate GDPR investigation was required. The court ordered the AP to pay the €437,50 procedural costs because the AP had issued the decision too
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (2)
Other cases involving Claimant in NL
Court Ruling
Details
About this data
Cite as: Cookie Fines. Claimant - Netherlands (2024). Retrieved from cookiefines.eu
Last updated: