Court case 202304463/1/A3 – Court Ruling (Netherlands, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Dutch court ruled that a resident could not access all personal data about him from a municipal hotline due to privacy concerns for third parties. However, the court ordered the municipality to clarify what data it had collected about him. This case highlights the balance between individual rights and the privacy of others.
What happened
A court ordered the municipality to provide more information about the personal data it processed about a resident, while still protecting third-party identities.
Who was affected
A resident of Amsterdam who sought access to his personal data from a municipal hotline.
What the authority found
The court found that while the municipality could withhold third-party identities, it needed to better explain what personal data about the resident had been shared.
Why this matters
This ruling illustrates the complexities of data access rights and privacy. Website operators should be prepared to handle requests for personal data while respecting the privacy of others.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
A data subject, a resident of Amsterdam, had a conflict between 2016 and 2017 that led to him leaving his home. During that period, several reports about him were allegedly made to the municipal Care and Residential Nuisance Hotline. Believing that information about him had been collected and shared within the municipality, the data subject submitted a request to the Municipal Executive of Amsterdam, the controller, to access all personal data processed about him by the Hotline under Article 15(1) GDPR. The controller treated the request as one made under Article 15 GDPR, which grants data subjects the right to access their personal data and provided him an overview of how his data had been processed and a partly redacted copy of the file. Parts of the file were redacted to protect the privacy of third parties who had made or were involved in reports. The data subject filed an objection, arguing he was entitled to full access, including names and the unredacted content. He claimed a legitimate need to access his full file to gather evidence for potential civil and criminal proceedings and defend himself. The controller rejected that, maintaining that the redactions were necessary. The data subject then appealed to the District Court of Amsterdam, which ruled that while the controller correctly withheld the identities of third parties, its decision had not clearly indicated what personal data about the data subject had been received from other parties, nor had it explained adequately with which authorities his data had been shared. The court partially annulled the decision and ordered the controller to reconsider these points. Following the judgment, the controller issued a new decision, providing a revised overview that included the personal data about the appellant obtained from others, but still excluding any data that could identify third parties. The data subject lodged a further appeal to the Council of State, arguing that his interests had not been properly w
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Court case 202304463/1/A3 in NL
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Court case 202304463/1/A3 - Netherlands (2025). Retrieved from cookiefines.eu
Last updated: