KPN – Court Ruling (Netherlands, 2021)

Plaintiff was removed from the National Interpreters Registry after claims of fraud. The Tolk- en Vertaalcentrum Nederland (Dutch Interpreters and Translation centre), a intermediary company where plaintiff had an account, claims that plaintiff fraudulently put out, accepted, and then cancelled interpreting assignments, inducing the centre to pay him cancellation fees. As a result hereof, plaintiff was removed from both the centre and the national registry, and lost income. Plaintiff disputes that he put out the cancelled assignments, and claims that the Court should order KPN, an Internet Service Provider ('ISP'), to hand over information on the users of the IP addresses from which the assignments were created. This would allow plaintiff to prove that others put out the assignments, and claim damages from them. The Court considers that (in line with Dutch jurisprudence, see [http://deeplink.rechtspraak.nl/uitspraak?id=ECLI:NL:HR:2005:AU4019 HR 25 november 2005, ECLI:NL:HR:2005:AU4019 (Lycos/Pessers)]) under certain circumstances ISPs can be forced to hand over subscriber information to injured parties. This allows them to bring actions before civil courts. This is in line with Article 6(1)f GDPR, as it necessary for the purposes of protecting the legitimate interests of a third party. However, in the present case, claimant fails to demonstrate that the 37 IP addresses logged by the intermediary company belong to one or more data subjects which have indeed fraudulently put out assignments. First of all, KPN only holds on to IP information for six months whereas all the assignments were put out in the period between 2017 and 2019. Secondly, the claimant received at least €3000. It is not credible that the claimant simply did not notice these charges before he was removed from both the intermediary and the national registry. Therefore, it seems unlikely that receiving the subscriber information will help claimant in his disputes with both organisations. As the con