Council of Mayor and Aldermen of Heemskerk – Court Ruling (Netherlands, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Council of Mayor and Aldermen of Heemskerk refused a man's request to access his personal data because they couldn't verify his identity. They asked for a certified copy of his ID or for him to visit in person, but he didn't comply. This case highlights the balance between verifying identity and allowing access to personal data.
What happened
The Council of Mayor and Aldermen of Heemskerk denied a data access request due to identity verification issues.
Who was affected
A person who requested access to their personal data from the Council of Mayor and Aldermen of Heemskerk.
What the authority found
The court found that the Council could require additional identity verification steps to ensure the requester's identity.
Why this matters
This case underscores the importance of verifying identity when handling personal data requests, which can prevent misuse but also complicate access for legitimate requests. Businesses should consider how they balance security with accessibility in their data practices.
The Council of Mayor and Aldermen of Heemskerk (which exercises the executive power of the municipal government) declined the request of the appellant to access his personal data. The data subject attached a copy of an expired passport to this request, but the Council of Mayor and Aldermen of Heemskerk announced that it was unable to establish the applicant's identity properly with an expired passport. It therefore requested the appellant to send a certified copy of a valid identity document (i.e. copy of an original document that has been authorised or stamped as being a true copy of the original, by a qualified individual) or to visit the town hall in person. The appellant then sent a copy of a valid passport, without further explanations. The Council however decided not to consider the request. It took the view that it was not possible to properly establish the identity of the applicant with the information at its disposal. Although a copy of a valid passport had been submitted, it had emerged from the administration that the signature on the request and on the passport did not match the signature on previously submitted requests by a person with the same name who lives at the same address. According to the Council, it was therefore necessary to establish the identity of the applicant by means of one of the two options offered (certified copy or visit at the town hall). Is a data controller entitled to request the data subject to send a certified copy of an identity document or to visit its building in person to establish its identity, or are these two options so impeding that it affects the right of the data subject to freely request access to his data? On appeal, the Council of Mayor and Aldermen took the view that the appellant misused his rights because he made the access request with a view not to take cognisance of the personal data processed concerning him, but merely to collect penalty payments and obtaining reimbursement of legal costs from the publ
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Council of Mayor and Aldermen of Heemskerk in NL
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Council of Mayor and Aldermen of Heemskerk - Netherlands (2020). Retrieved from cookiefines.eu
Last updated: