De Vereniging Zorgaanbieders voor Zorgcommunicatie (VZVZ) – Court Ruling (Netherlands, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Dutch court dismissed a complaint against a healthcare network for allegedly registering patients without consent. The court found no evidence that the system was unlawful and upheld previous findings that safeguards were adequate. This case underscores the importance of having proper consent and data protection measures in place for healthcare data.
What happened
A complaint claimed that a healthcare network registered patients without consent, but the court found the system lawful.
Who was affected
Patients who were allegedly registered in the healthcare network without their explicit consent.
What the authority found
The court ruled that the healthcare network's system was lawful and had adequate safeguards for patient data.
Why this matters
This ruling highlights the need for healthcare providers to ensure they have robust consent and data protection measures. It also shows that courts may uphold systems with adequate safeguards, even if individual consent issues arise.
GDPR Articles Cited
In the letter dated 27 July 2017, the plaintiff requested the defendant to take enforcement action against VZVZ - the administrator of a network to which certain categories of healthcare providers can connect and consult medical data about their patients in each other's systems (LSP). The claims made were as follows: a. The Personal Data Authority (defendant) must take action against VZVZ for the lack of explicit consent collected by people registered in the LSP; b. the defendant must review the view of its legal predecessor, the Dutch Data Protection Authority (Cbp), from 2014, that VZVZ has put in place sufficient technical and organisational safeguards to ensure that only personal data of patients who have given their consent for this purpose are processed; c. the defendant must confirm that VZVZ may not ask for a national identification number (BSN) in combination with a copy of a valid identity document in response to written requests to the effect that someone has been registered with the LSP. The plaintiff submitted four cases of patients who had been registered with the LSP without their permission. According to the plaintiff, she has thus demonstrated that patients are registered with the LSP without their explicit consent and that the system as such is therefore flawed. According to the plaintiff, the defendant must take enforcement action against VZVZ in order to rectify this. In addition to this enforcement request, the plaintiff also submitted an enforcement request to the defendant aimed at addressing pharmacists about the unlawful registration of patients with the LSP. The plaintiff lodged an appeal against the decision of 24 December 2018 (the contested decision), by which the defendant dismissed the claimant's complaint. The appeal is unfounded. The District Court dismissed the plaintiff's argument that the LSP as a system is unlawful. There is no reason to follow plaintiff in her view that healthcare providers are reporting patients in
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for De Vereniging Zorgaanbieders voor Zorgcommunicatie (VZVZ) in NL
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. De Vereniging Zorgaanbieders voor Zorgcommunicatie (VZVZ) - Netherlands (2020). Retrieved from cookiefines.eu
Last updated: