Sociale Verzekeringsbank – Court Ruling (Netherlands, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Dutch court ruled that the Social Security Bank shared too much personal data of newborns with the tax office. Although the sharing was legal, it was deemed excessive, but no damages were awarded. This case shows the need to balance data sharing with privacy.
What happened
The Social Security Bank shared excessive personal data of all newborns with the tax office without sufficient justification.
Who was affected
Newborn children in the Netherlands whose personal data was shared with the tax office.
What the authority found
The court found the data sharing was excessive under GDPR, but no compensation was awarded as damages were not proven.
Why this matters
This ruling highlights the importance of ensuring data sharing is necessary and proportionate. Organizations should evaluate their data sharing practices to ensure they do not exceed what is legally justified.
GDPR Articles Cited
National Law Articles
The Sociale Verzekerinsbank (Social Security bank, hereafter SVB) sends personal data of all newly born children in the Netherlands to the 'toeslagen' (welfare benefits) department of the tax office in a 'start-message'. The start-messages are shared on the basis of an agreement between the SVB and the tax office. Data includes the BSN-number (a state-issued identity number), date of birth and country of residence of the child. The SVB has this data as it is responsible for paying out the general child allowance, to which all parents/caretakers are entitled. The tax office is responsible for paying out the 'kindgebonden budget' (child-related budget), an extra allowance for relatively low-income families. The data in the start-messages is used to quickly decide on applications for the child-related budget. The claimant has a daughter born in 2016, whose personal data was shared by the SVB with the tax office in a start-message. The claimant's daughter does not qualify for the child-related budget. The court considered whether the child's personal data was legally shared with the tax office under the GDPR, and where it was not, whether the representative of the child have a right to monetary compensation. It held that whilst there was an infringement of the GDPR, the claimant is not entitled to compensation as damages could not be proven. The court considers that there is a proper legal basis in the law for sharing the data in the start-messages in the form of Article 38 of the Algemene wet inkomensafhankelijke regelingen (General law on income-related schemes) which requires state organs to share all relevant information with the tax office which they may need to fulfil their obligations. However, the data sharing through start-messages as required by the agreement between the SVB and the tax office is excessive. The court considers that data of all children is shared, whereas only about 42% of them qualify for the child-related budget. The agreement could therefo
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Sociale Verzekeringsbank in NL
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Sociale Verzekeringsbank - Netherlands (2021). Retrieved from cookiefines.eu
Last updated: