Court case UTR 21/2729 – Court Ruling (Netherlands, 2022)

The data subject used to be an employee at the municipality (controller) until 8 July 2008. On 6 May 2021, the data subject requested rectification of all changes made until this date in their files. The central question of this ruling is whether or not the data subject's request could be seen as a rectification request within the meaning of the GDPR. The court ruled that the data subject’s request to rectify changes made to his employee file could not be classified as a request within the meaning of Article 16 GDPR. The court stated that Article 16 GDPR is limited to rectifying incorrect personal data and completing personal data which is incomplete. The court stated that this was not the initial intention of the data subject, who only made his request more specific at the hearing for this ruling. However, even with this clarification, the data subject was not able to prove that his request was a rectification request within the meaning of Article 16 GDPR. The court also noted that the request did also not qualify as a request for getting access to personal data (Article 15 GDPR), erasing personal data (Article 17 GDPR) or restricting the processing of personal data (Article 18 GDPR). The court concluded that the data subject's request was not a request within the meaning of the GDPR. Therefore, a (lacking) response from the controller to this request was not a "decision" (Besluit) within the meaning of Article 6(2)(b) of the General Administrative Law Act (Awb), a Dutch administrative law provision. The data subject's request itself could also not be regarded as an "application" (aanvraag) in the sense of Article 1(3)(3) Awb either. Because of the fact that both the request from the data subject, as well as the (lacking) response from the controller did not fall under these national provisions, the appeal was deemed inadmissible by the court.