Executive Board of TU Delft – Court Ruling (Netherlands, 2020)

The appellant requested TU Delft to provide him with more personal data in response to the subject access request under Personal Data Protection Act. TU Delft refused to give more information and rejected the request under the Dutch Administrative Law Act. In its earlier ruling, this Court has decided that the restriction of access was justified. According to TU Delft, the appellant has not made it plausible that the overview of personal data was incomplete; the appellant has also been given sufficient opportunity to take notice of his personal data processed by TU Delft. More specifically, cording to the TU Delft, a copy of the study advisers' work records should be excluded from the scope of subject access request because these records contain personal thoughts that are used for mutual consultation. Lastly, TU Delft states that it has started using a different data storage system from 2010, and not all data has been migrated from the old system. The appellant contests the fact that he has received sufficient access to the personal data in question and points out that he has good reasons to suspect that more personal data is processed. Based on the existing jurisdiction on the matter, the Court ruled that a person who states that there must be more personal data than what he received from an administrative body in response to a DSAR, must make it plausible that there is indeed more personal data. Complainant did not make it evident that more data is proceed by TU Delft. Appeal was rejected.