NN โ Court Ruling (Netherlands, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Dutch court ruled that a person accused of insurance fraud could access the name and address of a former employee who allegedly committed identity fraud. This decision helps the accused person potentially hold the real fraudster accountable. The court emphasized the importance of having a legitimate interest in requesting personal data.
What happened
The court allowed the release of a former employee's name and address to a person accused of insurance fraud, who claimed identity fraud.
Who was affected
The person accused of insurance fraud who needed the information to potentially sue the alleged real fraudster.
What the authority found
The court decided that the accused had a legitimate interest in obtaining the personal data to pursue a legal claim against the alleged fraudster.
Why this matters
This case highlights that courts may allow access to personal data if there's a legitimate interest, even without proving the underlying claim's success. Businesses should be aware that identity disputes might require sharing personal data under specific circumstances.
GDPR Articles Cited
National Law Articles
The defendant allegedly took out household contents insurance with the insurance company 'Nationale Nederlanden' (the controller). Under this insurance, the defendant made claims for damages based on false documents. The controller found out and claimed damages from the defendant for submitting claims based on false documents. The defendant disputed that he made those false claims, and, moreover, that he took out any insurance at all. He alleged identity fraud by a former employee of the controller (the data subject). The defendant stated that the data subject received the money paid by the controller through some sort of fabrication. To prove this, the defendant claimed the release of the data subject's name and address details. In addition, the defendant argued that if it would be ordered to pay, he would have a claim against the data subject for that amount. He therefore believed it was in his interest to call the data subject in indemnity. The controller disputed that it had to provide the address details. It argued that, the defendant did not sufficiently substantiate his interest in requesting the release of the data subject's name and address details. It also stated that the request was in violation of Article 6(1)(f) GDPR. First, the Court stated that pursuant to Article 843a(1) of the Code of Civil Procedure (CCP), the defendant may demand certain specified documents relating to a legal relationship in which they are a party from the person who has these documents at their disposal. The defendant must however have a legitimate interest in receiving the documents. The Court stated that, without the name and address details, the defendant would be unable to hold the data subject liable for the damages resulting from the claim alleged by the defendant. The defendant thus had an interest in granting the claim to provide the name and address details. The Court added that it was not necessary for defendant to show that his underlying claim would succeed. It wa
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for NN in NL
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. NN - Netherlands (2022). Retrieved from cookiefines.eu
Last updated: