Municipality of Utrechtse Heuvelrug – Court Ruling (Netherlands, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Dutch court ruled that the Municipality of Utrechtse Heuvelrug acted correctly in handling a citizen's request to delete his personal data from a forum. The court found that the municipality had already ensured the data was removed, so no damages were awarded. This case highlights the importance of municipalities understanding their responsibilities when handling personal data requests.
What happened
The Municipality of Utrechtse Heuvelrug was taken to court over a citizen's request to delete his personal data from a forum.
Who was affected
A citizen whose personal data was posted on a forum used by multiple municipalities.
What the authority found
The court decided the municipality had fulfilled its obligations by ensuring the data was deleted, so no damages were awarded.
Why this matters
This ruling emphasizes that municipalities must ensure they handle personal data requests properly. It also clarifies that they can be seen as responsible when their officials post personal data online.
GDPR Articles Cited
The claimant is a citizen who made an Article 17 GDPR request to the Municipal Executive of the municipality of Utrechtse Heuvelrug to delete his personal data processed on a forum used by different municipalities to cooperate and in emails to other administrative bodies. He also requested €3,000 in damages under Article 82 GDPR. The Executive rejected the request for deletion because the claimant's personal data had already been removed from the forum and because no personal data of his had been processed by e-mail. He also rejected the claim for damages on the grounds that the application was insufficiently substantiated. The claimant disagreed, arguing his data was still on a back-up of the forum. The defendant responded by stating the forum was responsible for data operations on the platform, and that the citizen should make his erasure request. First, the District Court of Midden-Nederland assessed whether the Municipal Executive should considered a controller in this case. It considered a previous case by the Administrative Jurisdiction Division of the Council of State (ECLI:NL:RVS:2019:181) and held that because municipal officials placed messages about the claimant containing his personal data on the forum, their actions must be attributed to the municipal executive for which they work and he must be regarded as a controller. However, it found he complied with his obligations after receiving the erasure request. Indeed, he contacted the forum which deleted the claimant's personal data from its platform. Second, it evaluated whether the claim for damages should be upheld. It started by citing a previous court decision which confirmed the mention of the claimant's name on the forum was lawful in accordance with Article 6(1)(e) GDPR. It found that such processing was necessary and proportionate to the invasion of the plaintiff's privacy to prevent fraudulent claims for penalty payments from different municipalities. Thus, the court rejected the claim for
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Municipality of Utrechtse Heuvelrug in NL
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Municipality of Utrechtse Heuvelrug - Netherlands (2020). Retrieved from cookiefines.eu
Last updated: