The City Government of the Municipality Maastricht – Court Ruling (Netherlands, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The City Government of Maastricht failed to provide a former employee with complete access to her personal data. The court ordered the city to correct its response and explain any refusals. This case shows the importance of transparency in handling access requests.
What happened
The City Government of Maastricht did not fully comply with a former employee's data access request.
Who was affected
A former employee of the City Government of Maastricht who requested access to her personal data.
What the authority found
The court ruled that the City Government violated principles of good administration by not fully addressing the access request and ordered it to provide a complete response.
Why this matters
This ruling emphasizes the need for public bodies and companies to handle data access requests thoroughly and transparently. It serves as a reminder to ensure compliance with GDPR's access rights.
GDPR Articles Cited
National Law Articles
The controller is the City Government of the Municipality of Maastricht. The data subject used to work for the controller. The data subject filed an access request but found the controller’s response insufficient. After the controller rejected her objection, the case was brought to the Court. The Court found that the controller violated general principles of good administration. The Court gave the controller the opportunity to rectify its mistakes and ordered the controller to make a new substantive decision on the data subject’s access request within six weeks. If the controller were to refuse access, it must explain why refusal was necessary and proportionate. The Court extended the deadline in a second interlocutory decision. In the new substantive decision, the controller provided an overview of each specific processing of the data subject‘s personal data. However, it omitted several details about the data subject, in particular about her as a former employee. The controller weighed the interests of the employee and the rights and freedoms of others and based this omission on Article 15(4) GDPR in combination with [https://wetten.overheid.nl/jci1.3:c:BWBR0040940&hoofdstuk=4&artikel=41&z=2018-05-25&g=2018-05-25 Article 41(1)(i) Implementation Act GDPR]. The controller provided the information it omitted to the Court. The Court justified the omission in an interim decision of 20 December 2021. This judgement builds on those interlocutory judgements. The Court upheld the data subject’s appeal from the contested decision because of violations of the principles of good administration, and it annulled the decision. However, it also upheld the legal consequences of the annulled part of the contested decision, as the defects of the contested decision had been remedied. Then, the Court considered the data subject’s appeal to the new substantive decision. First, the Court stipulated that Article 15(1) GDPR does not include a right to access every specific processing
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for The City Government of the Municipality Maastricht in NL
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. The City Government of the Municipality Maastricht - Netherlands (2022). Retrieved from cookiefines.eu
Last updated: