Minister van Financiën – Court Ruling (Netherlands, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The data subject lives in the Netherlands and was a victim of the so-called "benefit scandal". The latter involved the usage of a discriminatory algorithm by the Dutch Tax Administration in order to detect frauds by families claiming childcare benefits (see AP (The Netherlands) - 25.11.2021). Since she wanted to know what personal data of her the Tax Administration (Belastingdienst, the controller) was processing, she filed an access request with the Tax Administration. More specifically, she requested the respective minister to access and list her personal data contained in the Fraud Alert Facility (Fraude Signalering Voorziening - FSV), a system used to detect possible frauds in an automatic way. The controller rejected the access request. It argued that the processing at hand fell within the scope of Article 23 GDPR. More specifically, the controller referred to [https://wetten.overheid.nl/jci1.3:c:BWBR0040940&hoofdstuk=4&artikel=41&z=2021-07-01&g=2021-07-01 Article 41(1)(i) of the Dutch GDPR Implementation Act] (Uitvoeringswet Algemene verordening gegevensbescherming - UAVG), stating that the controller can limit data subjects' rights (in this case, the right of access) in view of the protection of the rights and freedoms of others. The controller took the position that it could not comment further on this, as this would prejudice the purpose of the restriction. The controller, therefore, did not specify how the balancing of interests entailed on the basis of [https://wetten.overheid.nl/jci1.3:c:BWBR0040940&hoofdstuk=4&artikel=41&z=2021-07-01&g=2021-07-01 Article 41(2)(h) UAVG] was carried out. On these grounds, the data subject appealed the controller's decision before the District Court of Rotterdam (Rechtbank Rotterdam - Rb. Rotterdam). The court ruled that the controller did not give sufficient reasons for reject the data subject's access request. The court referred to the [https://zoek.officielebekendmakingen.nl/kst-34851-3.html Explanatory Memorandum of
GDPR Articles Cited
National Law Articles
The data subject lives in the Netherlands and was a victim of the so-called "benefit scandal". The latter involved the usage of a discriminatory algorithm by the Dutch Tax Administration in order to detect frauds by families claiming childcare benefits (see AP (The Netherlands) - 25.11.2021). Since she wanted to know what personal data of her the Tax Administration (Belastingdienst, the controller) was processing, she filed an access request with the Tax Administration. More specifically, she requested the respective minister to access and list her personal data contained in the Fraud Alert Facility (Fraude Signalering Voorziening - FSV), a system used to detect possible frauds in an automatic way. The controller rejected the access request. It argued that the processing at hand fell within the scope of Article 23 GDPR. More specifically, the controller referred to [https://wetten.overheid.nl/jci1.3:c:BWBR0040940&hoofdstuk=4&artikel=41&z=2021-07-01&g=2021-07-01 Article 41(1)(i) of the Dutch GDPR Implementation Act] (Uitvoeringswet Algemene verordening gegevensbescherming - UAVG), stating that the controller can limit data subjects' rights (in this case, the right of access) in view of the protection of the rights and freedoms of others. The controller took the position that it could not comment further on this, as this would prejudice the purpose of the restriction. The controller, therefore, did not specify how the balancing of interests entailed on the basis of [https://wetten.overheid.nl/jci1.3:c:BWBR0040940&hoofdstuk=4&artikel=41&z=2021-07-01&g=2021-07-01 Article 41(2)(h) UAVG] was carried out. On these grounds, the data subject appealed the controller's decision before the District Court of Rotterdam (Rechtbank Rotterdam - Rb. Rotterdam). The court ruled that the controller did not give sufficient reasons for reject the data subject's access request. The court referred to the [https://zoek.officielebekendmakingen.nl/kst-34851-3.html Explanatory Memorandum of
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (1)
Other cases involving Minister van Financiën in NL
Details
About this data
Cite as: Cookie Fines. Minister van Financiën - Netherlands (2024). Retrieved from cookiefines.eu
Last updated: