Articles

Municipalities are allowed to levy fees at cost when an individual exercises its right of access

Municipalities are allowed to levy fees at cost when an individual exercises its right of access

Municipalities are allowed to levy fees at cost when an individual exercises its right of access

15.07.2014 NL law

On 12 December 2013, the European Court of Justice (“ECJ”) delivered an interesting judgment on the amount of charges municipalities are allowed to levy when a data subject exercises its right to access its personal data that are processed in the municipal personal records database. This case concerns a dispute heard by the Court of Appeal of The Hague which submitted preliminary questions to the ECJ.

In 2009, X committed a traffic offence and was fined. She did not pay the fine and had to appear in court. She argued that she had not received any order of the fine or any subsequent demands for payment that had been issued by the public prosecutor. At the time the fine was issued, she moved from one house to another several times, and she assumed that the fine and the subsequent payment demands might have been sent to the wrong address. To prove this, she requested the administrative office of the municipality where she currently lives to indicate specifically which data are held in the municipal personal records database. In accordance with Section 79(3) of the Municipal Database (Personal Records) Act (currently Section 2.55(3) of the Municipal Database (Personal Records) Act), the municipality supplied her with a certified document containing her requested data and charged her EUR 12.80 for it. But X refused to pay this.

Section 79 Municipal Database (Personal Records) Act specifically elaborates on Section 12 EU Directive 95/46/EC (the “Privacy Directive”), which specifies that a data subject should be given access to its personal data “without constraint at reasonable intervals and without excessive delay or expense”. Based on Section 79(2) Municipal Database (Personal Records) Act, allowing a data subject’s inspection of his/her personal data free-of-charge could be achieved by showing him/her the information on the computer screen of the civil servant working at the administrative office. If the data subject wants to obtain a copy thereof, he/she must pay for any administrative charges.

The Court of Appeal of The Hague submitted several preliminary questions to the ECJ. One of them, which is the more interesting one, is summarized as follows: Are municipalities allowed to levy fees for an extract from the municipal personal records database or does the Privacy Directive preclude this? The ECJ answered this question by saying that when a data subject exercises its right of access, levying fees is allowed, as long as they are not excessive. The fees should not have the effect of causing the data subject to waive its right of access. Therefore, the fees should not exceed the cost of data supply. Authorities can also choose to charge less than the actual costs in order to safeguard one’s right of access.

For X, the essential question is whether or not the levied fees exceeded the actual cost of data supply. If the fees did exceed it, then it remains to be seen whether, in this case, charging the data subject for the actual cost that is currently known will not be considered an obstacle for the data subject to inspect the data after all.

The case (C-486/12) can be found on http://www.curia.europa.eu.

 

Click here to see a printable version of this article

All rights reserved. Care has been taken to ensure that the content of this e-bulletin is as accurate as possible. However the accuracy and completeness of the information in this e-bulletin, largely based upon third party sources, cannot be guaranteed. The materials contained in this e-bulletin have been prepared and provided by Stibbe for information purposes only. They do not constitute legal or other professional advice and readers should not act upon the information contained in this e-bulletin without consulting legal counsel. Consultation of this e-bulletin will not create an attorney-client relationship between Stibbe and the reader. The e-bulletin may be used only for personal use and all other uses are prohibited.

Team

Related news

07.08.2018 NL law
General Data Protection Regulation comes into effect

Short Reads - On 25 May 2018, the European Union's General Data Protection Regulation (GDPR) came into effect. The GDPR replaces the EU's prior directive governing the processing and transfer of personal data, which was in place since 1995. As a regulation, the GDPR is directly applicable in all 28 EU member states and thus removes the need for national implementing legislation. However, the GDPR allows member states discretion in certain areas, as a result of which national legislation may still be implemented. In the Netherlands, the GDPR Implementation Act came into effect on 25 May 2018.

Read more

12.07.2018 NL law
Algemene verordening gegevensbescherming van toepassing

Short Reads - Vanaf 25 mei 2018 zijn de Algemene verordening gegevensbescherming (Verordening (EU) 2016/679) (AVG) en de Uitvoeringswet Algemene verordening gegevensbescherming (Uitvoeringswet) van toepassing in Nederland. De AVG en de Uitvoeringswet vervangen de richtlijn betreffende de bescherming van natuurlijke personen in verband met de verwerking van persoonsgegevens (Richtlijn 95/46/EG) en de Wet bescherming persoonsgegevens (Wbp).

Read more

Our website uses cookies: third party analytics cookies to best adapt our website to your needs & cookies to enable social media functionalities. For more information on the use of cookies, please check our Privacy and Cookie Policy. Please note that you can change your cookie opt-ins at any time via your browser settings.

Privacy – en cookieverklaring