Court case C/16/536914 / HA RK 22-78 – Court Ruling (Netherlands, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Dutch court ruled on a case where a forum user wanted access to his posts and related information after being banned. The court decided that the broadcaster did not have to provide the information because the user's profile name was not considered personal data. This case highlights the complexities of what counts as personal data under GDPR.
What happened
A forum user requested access to his posts and related information after being banned, but the court ruled that the broadcaster did not have to provide it.
Who was affected
A forum user who had been banned from a Dutch public broadcaster's website.
What the authority found
The court decided that the user's profile name was not personal data, so the broadcaster was not required to provide access under GDPR.
Why this matters
This case shows that not all online identifiers are considered personal data under GDPR. Website operators should understand what qualifies as personal data to comply with access requests.
GDPR Articles Cited
National Law Articles
The controller is a Dutch public broadcaster. On their website, they offer a forum, on which registered people can post articles and respond to other articles. The data subject was since 2015 a member of the form and published over 20.000 posts on the forum. On 14 June 2021, the data subject requested access to the posts, in which, according to the controller, he was guilty of picking a personal fight and writing an off-topic post. On 3 February 2022, the controller banned the data subject, because of a fight with another member on the forum. On 21 February 2022, the data subject requested access to information on which house rules he allegedly broke, the messages that allegedly broke these house rules, the opening post of the topic and other posts by others, insofar as they are relevant to establish the violation, any comments on the posts, the comments made by this third party about the data subject that also violated the house rules. On 7 March 2022, the data subject repeated his access request to the controller. On 25 March 2022, the data subject started an action by application (“verzoekschrift”) at the the District Court of First Instance of Central Netherlands (“Rechtbank Midden-Nederland”). The data subject requested the court to order the controller provide a copy of his personal data as requested in his access request, but also all the information under Article 15(1) GDPR. The data subject further requested the court to impose a penalty. The controller argued that the data subject had no right of access, because the data subject’s profile name was not personal data. As it was a pseudonym and not the actual name of the data subject, the data subject was not identifiable. Moreover, the controller invoked journalistic exception under [https://wetten.overheid.nl/jci1.3:c:BWBR0040940&hoofdstuk=4&artikel=43&z=2018-05-25&g=2018-05-25 Article 43 of the Dutch national implementation law of the GDPR] (“Uitvoeringswet Algemene verordening gegevensbescherming – UAVG
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Court case C/16/536914 / HA RK 22-78 in NL
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Court case C/16/536914 / HA RK 22-78 - Netherlands (2023). Retrieved from cookiefines.eu
Last updated: