AP (The Netherlands) โ Court Ruling (Netherlands, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Dutch court ruled that a social security agency wrongly shared a child's personal data with the tax office. This matters because it highlights the importance of protecting personal information, even when shared between government bodies. The court's decision shows that privacy laws apply to everyone, including public agencies.
What happened
The social security agency in the Netherlands shared personal data of a child with the tax office without proper justification.
Who was affected
The affected individuals were children whose personal data was shared by the social security agency with the tax office.
What the authority found
The court found that the social security agency unlawfully invaded the child's privacy by sharing her data with the tax office without a valid legal basis.
Why this matters
This case emphasizes that even government agencies must adhere to privacy laws when sharing personal data. It serves as a reminder for all organizations to ensure they have a valid reason before sharing personal information.
GDPR Articles Cited
The SVB (controller), a social security administrator in the Netherlands, structurally send personal data of newly born children to the Tax Administration. The controller has this data, as it is responsible for paying out the general child allowance. The tax office is responsible for paying out the child-related budget (an extra allowance for low-income families). The data subject's father believed that the controller wrongfully shared his daughter's information with the Tax Administration in connection with the child-related budget. He never submitted an application for this allowance and, in view of his income, he was not eligible for it. Complaint 1: on 4 January 2017, the data subject's father submitted a complaint with the Dutch DPA. He argued that the controller failed to carry out a proportionality test, which was a breach of the Wpb.'Wet bescherming persoonsgegevens,' the implementation of Directive (EU) 2016/680 (the GDPR predecessor) He requested the DPA to order the controller to immediately cease the structural provision of data on all children to the Tax Authorities. Complaint 2: on 17 May 2019, the data subject filed another complaint with the DPA against the controller and the Tax Authority (now based on the GDPR). He argued that the controller violated the principle of proportionality and subsidiarity contained in the GDPR. He requested the DPA to order the controller and the Tax Authority to remove his daughter's personal data from their systems. (He has now limited this complaint to the controller). On 19 November 2020, the DPA rejected the complaint. The data subject's father also started legal proceedings against the controller. This resulted in a [https://gdprhub.eu/index.php?title=Rb._Midden-Nederland_-_AWB_-_20_3811 Court ruling on 4 May 2021], where the Court held that the controller had indeed unlawfully invaded the privacy of the data subject by providing her personal data to the Tax Administration. The controller appealed this decision t
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for AP (The Netherlands) in NL
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. AP (The Netherlands) - Netherlands (2021). Retrieved from cookiefines.eu
Last updated: