After a company has been declared bankrupt, the liquidator in charge of the bankrupt estate will process personal data on that bankrupt company’s behalf. The liquidator would then be considered a so-called data controller within the meaning of the Dutch Data Protection Act (DDPA).

In a case before the Leeuwarden Court of Appeal, an individual, whose personal data had been processed by a bankrupt company’s liquidator, requested access to the data that concerned him. The liquidator however, refused to grant this person access to the data on grounds of protecting the rights of the various (third) parties involved in the bankruptcy. The liquidator takes the view that data confidentiality is needed so that he could properly manage the liquidation of assets properly. For example, data must be kept confidential for the purpose of investigating fraudulent actions related to the bankrupt company. If that individual (the data subject) had a right to access the data, he could be given access to the liquidator’s confidential information that concerned three proceedings to which the data subject is a party.

The Court agreed with the liquidator: it acknowledged that the liquidator is truly looking after the interests of third parties, and he may therefore decide that, in the interest of those third parties, the confidential information—including personal data of the data subject—that those parties provided to him precludes the data subject from being given access to those data.

Leeuwarden Court of Appeal, 8 January 2013, LJN: BZ1829