Court case 2019/AR/1006 – Court Ruling (Belgium, 2019)

Client Y of Bank X requested the bank on the basis of Article 16 GDPR to write their name with the appropriate diacritics. The Bank argued that this was not possible with their current computer systems and could thus not fulfil the request. In response, the client lodged a complaint with the Belgian DPA. The Litigation chamber (Geschillenkamer) of the DPA ruled on the 15th of May 2019 that the argument of the Bank concerning the technical impossibility was not sufficient. The Litigation chamber ruled that the Bank should comply with the request of Client Y. The Bank decided to appeal the decision, because - inter alia - it was already working on upgrading their computer systems and the problem should be fixed within several months. In the appeal procedure, the Bank argues that there is no obligation to use correct diacritics in capital letters, and that this is not "personal data". The DPA disagrees and argues that Article 16 GDPR unreservedly grants the right to the data subject to request the rectification of incorrect personal data without delay. Correct spelling of one's name is personal data in accordance with Article 4(1) GDPR, according to the DPA. The Court of Appeal of Brussels held that, in accordance with Article 16 GDPR, the data subject has the right for their name to be correctly spelled when processed by the computer systems of the Bank. To claim in 2019 that adapting a computer system to correctly handle diacritics would cost several months of work and/or constitute additional costs for the Bank, does not allow the Bank to disregard the rights of the data subject. A correctly functioning banking institution may be expected to have computing systems that meet current standards, including the right to correct spelling of people's names.