Minister van Buitenlandse Zaken, Directie Juridische Zaken – Court Ruling (Netherlands, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Dutch court decided that the Ministry of Foreign Affairs did not abuse GDPR rights when it denied a data access request. The court found that the request was not made for an improper purpose. This case highlights the importance of understanding the purpose behind data access requests.
What happened
The Ministry of Foreign Affairs denied a data access request, claiming it was an abuse of rights.
Who was affected
An individual who requested access to personal data held by the Ministry of Foreign Affairs.
What the authority found
The court ruled that the data access request was not an abuse of GDPR rights.
Why this matters
This decision emphasizes that data access requests should be evaluated based on their purpose, and not all requests with potential secondary uses are abuses. Organizations should carefully assess the intent behind access requests.
GDPR Articles Cited
On 28 March 2019, the complainant submitted a DSAR to the Directorate of Legal Affairs of the Ministry of Foreign Affairs (The Directorate). The complainant has previously received an email from the Repatriation and Departure Service (DT&V), containing data about the claimant. According the DT&V, that data originated from the Directorate. On 29 April 2019, the Directorate rejected the complainant’s request of access to his personal data. On 17 September 2019, complainant’s objection to this decision was rejected as unfounded. The complainant appeals against this decision. The Directorate claims that the complainant’s DSAR cannot be granted because the Ministry is not controller of the affected personal data: the identity investigation in question was ordered by the Repatriation and Departure Service (DT&V). In addition, after rejecting the complainant’s objection, the Directorate claimed that the complainant was abusing his rights. The Directorate pointed out that complainant has submitted access requests to both DT&V and the Directorate, and that he wanted to use this data in other process, so access to personal data was not the end goal of the request. The Court considered that it was not obvious that the complainant’s wish to access his data was contrary to the purpose of the GDPR. The fact that these data could be used in another procedure also did not not lead the Court to believe that there was an abuse of rights. The Court also pointed to the case law, from which it follows that the access request where another procedure is concerned only constitutes an abuse of rights in special circumstances. For example, if rights or powers have been used so manifestly without reasonable purpose or for a purpose other than that for which they were granted. The Court saw no reason to rule that there had been an abuse of rights by the complainant. When deciding whether the Directorate was a controller or a processor, the Court considered the following. The Director
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Minister van Buitenlandse Zaken, Directie Juridische Zaken in NL
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Minister van Buitenlandse Zaken, Directie Juridische Zaken - Netherlands (2021). Retrieved from cookiefines.eu
Last updated: