T-Mobile Netherlands B.V. – Court Ruling (Netherlands, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Dutch court ruled that T-Mobile had to provide more information about how it handled customer data for a research project. The court found that T-Mobile didn't fully explain its data processing, especially regarding automated decisions. This case highlights the importance of transparency in data handling.
What happened
T-Mobile failed to fully disclose how it processed customer data for a research project, particularly regarding automated decision-making.
Who was affected
T-Mobile customers whose data was used in research conducted by the Central Bureau of Statistics.
What the authority found
The court decided that T-Mobile needed to provide more details about its data processing activities, especially automated decision-making, under GDPR Article 15.
Why this matters
This decision underscores the need for companies to be transparent about their data processing practices, especially when it involves automated decisions. Businesses should ensure they can clearly explain how they handle customer data.
GDPR Articles Cited
National Law Articles
The data subject had a phone subscription with T-Mobile (controller). The Central Bureau of Statistics (CBS) conducted statistical research with large datasets acquired from T-Mobile. T-Mobile stated that no personal data was shared with the CBS since all data had been anonymised. The data subject doubted statement from T-Mobile. He submitted an access request for the personal data T-Mobile processed for the CBS’s research. T-Mobile rejected the request stating that it had not processed any of the data subject’s personal data in this regard. Since the data subject was convinced that T-Mobile had to comply with his request, he brought the issue before the court. In an [https://gdprhub.eu/index.php?title=Rb._Oost-Brabant_-_C%2F01%2F371762_%2F_EX_RK_21-90_%28interim_decision%29 interim decision] the court held that T-Mobile violated Article 15 GDPR because any anonymisation process involves processing of personal data at least in the initial phase. The Court stipulated that T-Mobile had to indicate the exact nature and origin of the processed’ personal data. Although T-Mobile claimed that it had deleted that data, it submitted no proof of this. The court decided to suspend the proceedings and T-Mobile was given the opportunity to submit additional documents. T-Mobile submitted these additional documents in the case at hand. However, the data subject stated that these documents still did not include all the information requested. The court mostly adhered to its interim decision. It held that T-Mobile did provide all the information required under Article 15(1)(a), (c), (d), and (g) GDPR. The court found that an email where T-Mobile's director of Intelligence & Insights stated that "the data had been deleted" sufficient evidence of that fact. As there was no data, it could not be provided to the data subject. However, T-Mobile did not provide sufficient information about automated decision-making and profiling (Article 15(1)(h) GDPR). The Court ordered T-Mobile
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for T-Mobile Netherlands B.V. in NL
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. T-Mobile Netherlands B.V. - Netherlands (2022). Retrieved from cookiefines.eu
Last updated: