Court case 8403670 \ CV EXPL 20-1229 – Court Ruling (Netherlands, 2021)

A window cleaning company (Plaintiff) sold its customer database to the Defendant. The Plaintiff requested a fee for the database. The Defendant paid a third of the fee to the Plaintiff and did not want to pay the rest of the fee, as it argued that the transfer of the customer database did not comply with the GDPR. It claimed that the Plaintiff failed to ask for the customers’ consent and provided inaccurate and incomplete personal data - customers’ emails were missing. As a result, the Defendant argued that the Plaintiff did not comply with the acquisition agreement. Can the Defendant’s claim based on the GDPR invalidate an acquisition contract? The court held that the Plaintiff complied with the acquisition agreement and decided that the lack of consent does not constitute a breach of contract. The Plaintiff did not commit to obtain costumer’ consent and, the compliance with the GDPR was not part of the contractual obligations negotiated. Therefore, the parties did not agree that the Plaintiff would ask for consent and that the failure to do so should constitute a defect. The Court further explained that a GDPR infringement may be sanctioned with an administrative fine, which the Dutch DPA may impose on the parties involved. This does not mean that an acquisition agreement, in which data of third parties are 'traded', must be considered as invalid. Nor does it provide a ground for termination. Thus, the Defendant must pay the agreed purchase price, plus interests and the cost of the proceedings.