Ministry of Finance – Court Ruling (Netherlands, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A person in the Netherlands tried to access their personal data held by a government agency but was told it didn't fall under GDPR rules. The Council of State confirmed that the agency's activities were not covered by GDPR, meaning the person had no right to access their data. This ruling clarifies the limits of GDPR when it comes to certain government functions.
What happened
The Council of State upheld a decision that a government agency's data processing was not subject to GDPR.
Who was affected
A person who requested access to their personal data from the Dutch Fiscal Intelligence and Investigation Service.
What the authority found
The court found that the agency's processing of data was exempt from GDPR under specific legal provisions.
Why this matters
This case highlights that not all government data processing activities are covered by GDPR, which can limit individuals' rights to access their data. It reminds users to understand the context of data processing when making access requests.
GDPR Articles Cited
On 15 June 2019, the data subject made an access request under Article 15 GDPR to the Dutch Fiscal Intelligence and Investigation Service (FIOD). The FIOD is a government agency in the Netherlands responsible for investigating financial crimes, and is under the administration of the Ministry of Finance. On 7 August 2019, the FIOD responded to the data subject, stating that no personal data which the GDPR applied to was being processed by them. Instead, the data subject’s data was processed under the Police Data Act, which offered no equivalent right of access as under the GDPR. The data subject challenged the FIOD’s response at a District Court. In a judgment dated 22 November 2022, the District Court dismissed the data subject’s claims on the grounds that the FIOD’s activity’s fell under Article 2(1)(d) GDPR. This Article provides that the GDPR does not apply to the processing of personal data ‘by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.’ Consequently, the data subject had no right of access as the GDPR did not apply to the FIOD’s processing activities. The data subject appealed the District Court’s decision to the Council of State (Raad van State), the Netherlands’ highest administrative court. On 11 October 2023, the Council of State heard the data subject’s appeal. In the appeal, the data subject submitted that the District Court had erred in its reading of Article 2(1)(d) GDPR and should not have interpreted the Article as applying to the FIOD, as the FIOD was under the administration of the Ministry of Finance and was not a police body. As a result, the data subject argued that their data held by the FIOD fell under the GDPR’s material scope, and thus, they had a right of access to the data. The Council of State held that the District Court had correctly
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Ministry of Finance in NL
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Ministry of Finance - Netherlands (2023). Retrieved from cookiefines.eu
Last updated: