Regional Public Health Service (RDOG) Hollands Midden – Court Ruling (Netherlands, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Dutch court ruled that the Regional Public Health Service wrongly registered a report about a person without informing them. The court found that the service violated GDPR by not notifying the person about the report. This case highlights the need for organizations to inform individuals when their data is processed.
What happened
The Regional Public Health Service registered a report about a person without notifying them.
Who was affected
An individual who was reported anonymously to the Care and Nuisance Reporting Centre.
What the authority found
The court ruled that the service violated GDPR by failing to inform the individual about the report, but it was not required to reveal the identity of the anonymous reporter.
Why this matters
This decision underscores the importance of transparency in data processing. Organizations should ensure they notify individuals when their data is being processed, even if the data comes from anonymous sources.
GDPR Articles Cited
The controller is the managing board of the Regional Public Health Service (RDOG) Hollands Midden. The data subject is a person who was reported anonymously to the Care and Nuisance Reporting Centre of the Municipal Health Service (GGD) Hollands Midden. This Reporting Centre discussed the report in their meeting, and decided that this was not a task for them, so they closed the file. However, controller also received a notification of this report, and registered this notification in their system by mistake. Moreover, the controller did not inform data subject about this notification. After the data subject became aware of the existence of the notification at the beginning of 2020, they wanted to find out who reported them. Hence, they filed an access request pursuant to Article 15 GDPR, after which they received a copy of the report that was made. However, because the report was anonymous, a passage containing personal data of the person who reported them, was omitted. Data subject wanted to know the identity of this person, so they could pursue further legal claims against them, and brought the action before court. The Court rejected the appeal. First, it stated that the controller wrongfully did not inform the data subject regarding the notification, violating Article 13(1) GDPR. The controller, however, had already acknowledged this, apologised to the data subject and adjusted the work process to avoid a similar situation in the future. Second, the Court considered data subject’s claim to know the identity of the person who reported them. It stipulated that the GDPR is not intended for this purpose, since the purpose of the right to access is to enable the data subject to inform themselves of the processing of their personal data and to check the lawfulness thereof. According to the Court, it is not the controller’s task to enable the data subject to improve their legal claim against another entity, via the GDPR. Moreover, the Court stated that, pursuant to
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Regional Public Health Service (RDOG) Hollands Midden in NL
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Regional Public Health Service (RDOG) Hollands Midden - Netherlands (2021). Retrieved from cookiefines.eu
Last updated: