NWO-I (Netherlands Foundation of Scientific Research Institutes) – Court Ruling (Netherlands, 2021)

NWO-I (Netherlands Foundation of Scientific Research Institutes) rejected the applicant’s subject access request. More specifically, the applicant wanted to see what personal data was sent to his former employer by email and examine the related documents. NWO-I is of the opinion that the access request is formulated too broadly and must be rejected. Moreover, NMO-I claims that it has checked its personnel files and that these do not contain any personal data of the applicant. The initial request of the applicant was indeed very broadly formulated. However, the applicant has subsequently explained that he was looking for specific emails between NWO-I and his former employer. Moreover, the applicant was able to demonstrate an email chain where he was mentioned. The Court noted that the right of access does not extend to (parts of) internal notes that contain the personal thoughts of employees of the data controller and that are exclusively intended for internal consideration. However, this exception does not apply in this case because the personal data were shared with third parties outside of NMO-I. NMO-I must provide the applicant with the complete overview of all personal data it processed via emails with third parties concerning the applicant and his former employer. NMO-I must also provide copies of underlying documents, but it can edit out the names of the senders and recipients.