Joint Tax office Lococensus Tricijn – Court Ruling (Netherlands, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Dutch Tax Office sent a letter to the wrong address, exposing personal data to a third party. The court found this violated GDPR rules about data protection and transparency. Although no fine was imposed, the case highlights the importance of handling personal data carefully.
What happened
The Dutch Tax Office sent a letter containing personal data to an incorrect address, exposing it to a third party.
Who was affected
The person whose personal data was mistakenly sent to the wrong address by the Dutch Tax Office.
What the authority found
The court ruled that the Dutch Tax Office violated GDPR by failing to protect personal data and not being transparent about data sharing.
Why this matters
This case emphasizes the need for organizations to ensure accurate data handling and transparency about data sharing. It serves as a reminder for businesses to verify addresses and obtain clear consent before sharing personal data.
GDPR Articles Cited
In June 2019, the defendant, the Dutch Tax Office (Gemeenschappelijke belastingkantoor Lococensus-Tricijn', 'GBLT'), addressed a letter to the claimant. However, the destination of the letter was the claimant's old residential address. The claimant sent an email to the defendant, drawing attention to this error and emphasising that, as a result, his personal data had reached a third party. In its response, the defendant apologised, and proposed that the appropriate action would be to ask the third party to delete the relevant data and confirm this. The claimant indicated they were unable to respond to this proposal until certain ambiguities were resolved regarding the content of the leaked data. In August 2019, the claimant sent another email to the defendant, in which he asked a number of questions regarding the provision of his email address by the defendant to a company called 'KCM Survey BV', as well as other third parties for customer research purposes. Among other things, the complainant stated that he had not given his consent for this transfer, and asked what the legal basis was for sharing his data with third parties, and which third parties his data was shared with. The defendant responded stating that it considered processing for customer research purposes to be part of its statutory duties - more specifically, evaluating and ensuring the quality of the implementation of the Tax Act ('belastingwet') - and that therefore it does not consider it necessary to rely on the consent of data subjects. It did add, however, that it considered the claimant's communication as an objection to the processing of his email address for customer research purposes, and that it would no longer process the email for this purpose. Several months later, on 16 February 2020, the claimant asked for more information about the initial data breach involving the letter, as it was still not clear to him which documents were leaked. On 28 February 2020, by primary
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Violations (1)
Third-party tracking cookies or scripts are loaded without obtaining prior user consent.
Art. 13, 14 GDPR
Related Cases (0)
No other cases found for Joint Tax office Lococensus Tricijn in NL
This is the only recorded case for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
About this data
Cite as: Cookie Fines. Joint Tax office Lococensus Tricijn - Netherlands (2021). Retrieved from cookiefines.eu
Last updated: