Achmea – Court Ruling (Netherlands, 2019)

Court Ruling
DPA RbZeeland-West-Braba
21 October 2019
Netherlands
final

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A Dutch court ruled that Achmea could keep a person's credit registration data, even though he wanted it removed to get loans. The court found that the banks had a legal reason to keep the data to protect both consumers and lenders. This case shows that banks can refuse to delete data if they have strong reasons.

What happened

Achmea refused to erase a person's credit registration data, which he claimed blocked him from getting loans.

Who was affected

Individuals with negative credit registrations that prevent them from obtaining loans and leases.

What the authority found

The court decided that Achmea had a valid legal reason to keep the credit data under GDPR, even if the person wanted it erased.

Why this matters

This ruling highlights that banks can legally retain credit data if it's necessary to protect financial systems, even against a person's request for deletion. It underscores the balance between individual rights and broader financial protections.

GDPR Articles Cited

Art. 17 GDPR
Art. 6(1)(c) GDPR
Art. 6(1)(e) GDPR
Art. 6(1)(f) GDPR

National Law Articles

Article 16(2) TFEU
Decision Authority: Rb. Zeeland-West-Brabant
Full Legal Summary

The applicant asked the Court to remove his credit registration from two bank databases, Achmea and ABN AMRO, because these registrations prevented him from obtaining loans and leases. The claimant based his application on Article 8 of the ECHR and Article 7 of the Charter. In their defence, the banks argued that the processing of the personal data was based not on the data subject’s consent under Article 6(1)(a) GDPR but on compliance with legal obligations under Article 6(1)(c) GDPR, and that the data subject did not have the right to object to the processing.

The Court had to balance the different interests at stake to assess whether the banks' refusal to erase the personal data was legitimate. First, the Court explained that the objective of credit registration was to protect consumers against excessive lending and to protect providers of credit against borrowers who have not proven their ability to repay the loans. Then, the Court found that the credit registration system necessarily involves the processing of personal data, protected by Article 16(2) TFEU. It found that personal data can be collected only for specific purposes listed exhaustively under Article 6(1) GDPR.

In addition, the Court stressed the difference between the right to object to processing on the one hand, which applies where the processing is based on Article 6(1)(e) GDPR or Article 6(1)(f) GDPR, and the right to erasure on the other hand, which applies even if the processing is based on Article 6(1)(c) GDPR. The Court confirmed that in this case the processing was based on Article 6(1)(c) GDPR and that the claimant could ask for the erasure of his personal data. However, the controllers could still refuse the erasure on the basis of compelling legitimate grounds which would outweigh the interests, rights and freedoms of the data subject. It found that only the “negative” credit registrations prevented the claimant from obtaining loans and leases but that they were necessar

Outcome

Court Ruling

A ruling by a national court on a data-protection matter.

Details

Ruling Date: 21 October 2019
Authority: DPA RbZeeland-West-Braba

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Achmea - Netherlands (2019). Retrieved from cookiefines.eu
