Cooperative Rabobank U.A. – Court Ruling (Netherlands, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Amsterdam court ruled that Rabobank could keep negative credit records on a customer who wanted them removed. The court said these records are important to protect both the customer and lenders from financial problems. This decision means banks can keep such records if they have a good reason, even if the customer disagrees.
What happened
Rabobank refused to remove negative credit records from a customer's file, and the court agreed with the bank.
Who was affected
The customer whose negative credit records were registered in a central credit information system.
What the authority found
The court ruled that Rabobank's credit records served a legitimate purpose that outweighed the customer's request to remove them.
Why this matters
This case highlights that banks can maintain credit records if they have valid reasons, even if customers feel it affects their financial opportunities. Businesses should ensure their record-keeping practices have clear, legitimate purposes.
GDPR Articles Cited
The District Court of Amsterdam rejected a request of removal of negative registrations in a credit information system pursuant to Article 17 GDPR, reasoning that the purpose of these registrations provided sufficient legitimate grounds to override personal interests. In 2003, the claimant (data subject) took out an investment mortgage at the cooperative bank Rabobank (the controller). From 2008 onwards, several payment arrears occurred and in 2016, the data subject stopped paying the monthly instalments. In 2020, the house in question was sold and the mortgage plus interest paid to the bank. The data subject also had a checking account with Rabobank. Here overdrafts occurred in 2008 (repaid in 2017) and in 2018 (repaid in 2021). As a consequence, Rabobank registered two code numbers (‘BKR registrations’) at the central credit information system. They regarded both the mortgage and the credit from the checking account, indicating the data subject’s history with payment arrears to potential creditors. In 2022, the data subject submitted a request for removal of the BKR registrations pursuant to Article 17 GDPR, which the bank rejected. He then sought a court order forcing the bank to remove the BKR registrations, basing his request on Article 21(1) GDPR and Article 6(1) GDPR. The data subject argued that he was now in a financially stable situation and that the registrations impacted him unjustifiably, as he could not obtain long-term financing at a market-based interest rate for the companies he is a shareholder of. The bank raised a defence. The court raised the question, whether there are grounds for the removal of the BKR codes. The court held that the registration codes’ aims, namely, to protect both the customer from excessive indebtedness and potential creditors from uncreditworthy borrowers, meet the requirement of compelling legitimate grounds and override the claimant’s interests in accordance with Article 21(1) GDPR, which allow the controller to furt
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Cooperative Rabobank U.A. in NL
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Cooperative Rabobank U.A. - Netherlands (2020). Retrieved from cookiefines.eu
Last updated: