Court case 202304463/1/A3 – Court Ruling (Netherlands, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A data subject, a resident of Amsterdam, had a conflict between 2016 and 2017 that led to him leaving his home. During that period, several reports about him were allegedly made to the municipal Care and Residential Nuisance Hotline. Believing that information about him had been collected and shared within the municipality, the data subject submitted a request to the Municipal Executive of Amsterdam, the controller, to access all personal data processed about him by the Hotline under Article 15(1) GDPR. The controller treated the request as one made under Article 15 GDPR, which grants data subjects the right to access their personal data and provided him an overview of how his data had been processed and a partly redacted copy of the file. Parts of the file were redacted to protect the privacy of third parties who had made or were involved in reports. The data subject filed an objection, arguing he was entitled to full access, including names and the unredacted content. He claimed a legitimate need to access his full file to gather evidence for potential civil and criminal proceedings and defend himself. The controller rejected that, maintaining that the redactions were necessary. The data subject then appealed to the District Court of Amsterdam, which ruled that while the controller correctly withheld the identities of third parties, its decision had not clearly indicated what personal data about the data subject had been received from other parties, nor had it explained adequately with which authorities his data had been shared. The court partially annulled the decision and ordered the controller to reconsider these points. Following the judgment, the controller issued a new decision, providing a revised overview that included the personal data about the appellant obtained from others, but still excluding any data that could identify third parties. The data subject lodged a further appeal to the Council of State, arguing that his interests had not been properly w
GDPR Articles Cited
A data subject, a resident of Amsterdam, had a conflict between 2016 and 2017 that led to him leaving his home. During that period, several reports about him were allegedly made to the municipal Care and Residential Nuisance Hotline. Believing that information about him had been collected and shared within the municipality, the data subject submitted a request to the Municipal Executive of Amsterdam, the controller, to access all personal data processed about him by the Hotline under Article 15(1) GDPR. The controller treated the request as one made under Article 15 GDPR, which grants data subjects the right to access their personal data and provided him an overview of how his data had been processed and a partly redacted copy of the file. Parts of the file were redacted to protect the privacy of third parties who had made or were involved in reports. The data subject filed an objection, arguing he was entitled to full access, including names and the unredacted content. He claimed a legitimate need to access his full file to gather evidence for potential civil and criminal proceedings and defend himself. The controller rejected that, maintaining that the redactions were necessary. The data subject then appealed to the District Court of Amsterdam, which ruled that while the controller correctly withheld the identities of third parties, its decision had not clearly indicated what personal data about the data subject had been received from other parties, nor had it explained adequately with which authorities his data had been shared. The court partially annulled the decision and ordered the controller to reconsider these points. Following the judgment, the controller issued a new decision, providing a revised overview that included the personal data about the appellant obtained from others, but still excluding any data that could identify third parties. The data subject lodged a further appeal to the Council of State, arguing that his interests had not been properly w
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Court case 202304463/1/A3 in NL
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Court case 202304463/1/A3 - Netherlands (2025). Retrieved from cookiefines.eu
Last updated: