The Netherlands – Court Ruling (Netherlands, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Dutch court ruled against the use of the System Risk Indication (SyRI) tool, which was used by authorities to predict fraud. The court found that SyRI violated privacy rights because it wasn't necessary or proportionate. This decision emphasizes the need for governments to balance technology use with individuals' privacy rights.
What happened
The court ruled that the use of SyRI by Dutch authorities violated privacy rights.
Who was affected
Dutch citizens whose personal data was processed by the SyRI tool.
What the authority found
The court found that SyRI's data processing was not necessary or proportionate, violating privacy rights under the European Convention on Human Rights.
Why this matters
This ruling underscores the importance of ensuring that government surveillance tools are necessary and proportionate, respecting citizens' privacy rights. It serves as a warning to other governments using similar technologies.
GDPR Articles Cited
National Law Articles
The digital tool called System Risk Indication (SyRI) is used by central and local Dutch authorities to prevent and combat fraud in the areas of tax and social security. It carries out different processing operations on personal data. SyRI gathers large-scale data and generates risk notification about people likely to commit fraud, which is called “risk report”. These risk reports have significant consequences on citizens' life; they indicate s that a specific person is worthy of investigation related to fraud. A number of civil society organisations and citizens sued the State claiming that SyRI violates fundamental rights. The Sate argued that SyRI provides sufficient guarantees for protecting the human right to privacy. The litigation raised numerous issues related to International and European Law, mainly the violation of Article 8(2) ECHR which allows interferences with the exercise of the right to respect for private and family life by a public authority under three conditions: it must be provided by law, be necessary in a democratic society and pursue interests such as the prevention of disorder or the economic well-being of the country. Nevertheless, this summary will focus on the protection of personal data and the interplay between the new technologies and the ECHR. The Court had to pronounce itself on whether the processing of personal data by the digital tool SyRI falls within the scope of Article 8(2) ECHR. It assessed whether SyRI was prescribed by law and under which conditions to know if it was necessary for the pursue of the prevention of fraud within a democratic society. Thus, it addressed importantly the interplay between Article 8 ECHR and EU law, including the Charter and the GDPR for the purpose of the assessment of the interference in private life under the ECHR. Focusing on data protection, the Court focused on the processing operations in the context of the deployment of the SyRI and the technical safeguards contained in the tool. It r
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for The Netherlands in NL
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. The Netherlands - Netherlands (2020). Retrieved from cookiefines.eu
Last updated: