Stichting Eega Plus – Court Ruling (Netherlands, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Dutch court ruled on a dispute over a work laptop containing personal data. The court decided that neither the employer nor the employee fully won the case, suggesting a compromise to protect both parties' privacy. This case shows how personal data on work devices can lead to complex privacy issues.
What happened
A former employee wanted to delete her personal data from a work laptop before returning it, while the employer wanted the laptop back without granting access.
Who was affected
A former employee of Stichting Eega Plus who stored personal data on a work laptop.
What the authority found
The court ruled that both the employee's and employer's privacy concerns were valid and proposed a compromise to erase the personal data without granting unauthorized access.
Why this matters
This ruling underscores the need for clear policies on personal data storage on work devices. Employers and employees should agree on data management practices to avoid conflicts.
GDPR Articles Cited
The data subject used to work for Eega (controller), a company that guides disabled people towards employment. After termination of the data subject's employment, her employer restricted her access to the laptop as it was still in the data subject's possession. The controller filed a claim in interim relief proceedings demanding the return of the laptop. The data subject did not object to the laptop being returned. However she wanted to delete her personal data from the laptop first and invoked her right to privacy. The data subject filed a counterclaim to demand that she would be given the chance to erase her personal data from the laptop. The controller did not consider this a reasonable demand because (1) the laptop was meant for work-related purposes only (so not for storing personal information). In addition, (2) access to the laptop would give the data subject unauthorised access to its confidential work environment. The controller thus also invoked its right to protection of privacy-sensitive information. The District Court of Overijssel (Rechtbank Overijssel - Rb. Overijssel) concluded that both claims were partly justified. The controller’s claim was not fully justified, as the controller did not dispute that the laptop contained personal data of the data subject. The fact that the data subject was not allowed to put these data on the laptop was irrelevant. It was still personal data within the meaning of the GDPR and therefore protected by this Regulation. The data subject’s counterclaim was not fully justified, as granting her access to the laptop would give her access to the controller’s digital work-environment. This contained personal data for which the controller was responsible (other employees, clients). The Court held that the solution must be found in the middle. The Court proposed that laptop would be taken to the controller. Someone other than the data subject or the controller could then erase the data subject's personal data from t
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Stichting Eega Plus in NL
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Stichting Eega Plus - Netherlands (2022). Retrieved from cookiefines.eu
Last updated: