Hoist Finance – Court Ruling (Netherlands, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Hoist Finance registered a customer's debt with a credit bureau, affecting their ability to get a mortgage. The court ruled that the registration was not justified under GDPR, as it lacked a proper legal basis. This decision means companies must carefully consider the impact of credit reporting on individuals.
What happened
Hoist Finance registered a customer's debt with a credit bureau without a valid legal basis, affecting their financial standing.
Who was affected
Customers whose debt information was registered with the Bureau Credit Registration, impacting their financial opportunities.
What the authority found
The court decided that Hoist Finance's registration of debt with the credit bureau lacked a valid legal basis under GDPR.
Why this matters
This case underscores the importance of ensuring that credit reporting practices comply with data protection laws. Companies should evaluate the necessity and impact of such registrations on individuals' financial lives.
GDPR Articles Cited
On 1 February 2010, the data subjects obtained credit of €28,500 from the credit lending company "Hoist Finance” (the controller). Soon after the agreement, first arrears in payment occurred in September 2010. Since these payment arrears still existed in 2014, the controller notified the data subjects that this could lead them to register these arrears with the Bureau Credit Registration (BKR), and subsequently did so. The debt further increased and the data subjects and controller set up a debt repayment scheme. In 2019, the controller exonerated the data subjects from paying a part of the controller's interest. Ultimately, in 2020, the debt was completely settled. However, the payment arrears, and the notification of exoneration of a part of the controller's interest, were still registered with the BKR. Moreover, these registrations would not be deleted from the BKR's database before October 2025. The data subjects requested the controller to explain the proportionality and subsidiarity of the BKR registration, and to have the registration deleted. The controller, however, argued that the registration sufficed these requirements and rejected the erasure request. Because the data subjects experienced financial issues from the registration, i.e. because they had troubles getting a mortgage, they brought the issue before Court. The District Court Amsterdam upheld the claim. First, the Court noted that, currently, there is debate in the judiciary about the legal basis registering payment arrears with the BKR: either Article 6(1)(c) GDPR or Article 6(1)(f) GDPR. The Court referred to the [https://uitspraken.rechtspraak.nl/inziendocument?id=ECLI:NL:PHR:2021:831&showbutton=true&keyword=ECLI%3aNL%3aPHR%3a2021%3a831 conclusion of Advocate General] in a similar case that ended up before the Dutch Supreme Court, in which the AG concluded that Article 6(1)(f) GDPR is the correct legal basis. The District Court followed the reasoning of the AG and noted that, therefore, the
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Hoist Finance in NL
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Hoist Finance - Netherlands (2021). Retrieved from cookiefines.eu
Last updated: