Het college van burgemeester en wethouders van Den Haag – Court Ruling (Netherlands, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Dutch court ruled that The Hague's municipality did not have to provide all requested personal data because it was either not stored or anonymized. This case clarifies the limits of data access rights under GDPR.
What happened
The Hague's municipality was challenged for not providing complete personal data access, but the court ruled in their favor.
Who was affected
A person requesting access to their personal data held by the municipality of The Hague was affected.
What the authority found
The court ruled that the municipality's decision to withhold certain data was justified because the data was either not personal or anonymized.
Why this matters
This ruling clarifies that not all data requests under GDPR must be fulfilled if the data is not personal or is anonymized. It sets a precedent for how data access rights are interpreted, especially concerning anonymized data.
GDPR Articles Cited
On 27 December 2018, the claimant requested access to his personal data held by the municipality of The Hague. He requested access to, among others, the information relating to an IP address, serial numbers and details of bicycles towed by the municipality and email communication with the employees of the municipality. The municipality provided claimant with some information but decided against disclosing all requested personal data. The claimant insists that the list of personal data provided by the municipality is incomplete. He argues that IP address, email communication and debit card payment information for the towed bicycle should be included. The Court ruled that, as follows from the case law of the Administrative Division of the Council of State, the person who claims that there should be more personal data, has to make it evident that this is indeed the case if they want to contest the administrative body’s investigation into the matter. The municipality has stated that IP addresses are not stored or linked to persons, it also doesn’t have the means to link IP addresses to a specific person (additional information from an ISP would be necessary here). Lastly, it would take an impossible amount to time and resources for the municipality to trace and identify all people who communicate IP addresses to the municipality. The Court ruled that when a processing requires an excessive effort, resulting in identification being practically impossible, an IP address cannot be considered personal data. Regarding the processing of the debit card payment data, the municipality indicated that that data is anonymized, which means it cannot be traced to the claimant. Regarding the claimant’s email communication with the municipality, the Court found that the claimant already has the emails he sent himself and the municipality’s response. Moreover, the Court ruled that Article 15 GDPR does not entitle the claimant to receive a copy of the physical or digital documents
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Het college van burgemeester en wethouders van Den Haag in NL
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Het college van burgemeester en wethouders van Den Haag - Netherlands (2020). Retrieved from cookiefines.eu
Last updated: