On 31 January 2013, the Den Bosch Court ruled on a request for access to personal data. This decision is interesting at least for two reasons. First, hyperlinking may be considered as processing of personal data. Second, the person processing personnel data is deemed to be the data controller, unless evidence to the contrary is provided.
On the website “Veilingdeurwaarder”, court bailiffs and government-appointed tax bailiffs can advertise for sales under execution (executieverkopen). Interested parties then receive an email or tweet with a link to a particular sale. For vehicles, the website automatically collects information from the Governmental Road Transport Agency and generates a corresponding ad.
In the case at stake, the advertisement contained amongst others the license plate number, the location of the sale and the name of the registered owner of the vehicle. The latter subsequently filed a request to the website to gain access to his personal data. The website owner, however, denied that request and referred to the court bailiff responsible for that sale.
The Court ruled that the website owner is deemed to be the data controller since he was processing the personal data concerned, unless evidence to the contrary is provided. This is quite remarkable since there is no legal basis for this assumption.
Furthermore, the Court found that providing a hyperlink to these data through an email or a tweet constitutes a processing of personal data. This would mean that anyone providing a hyperlink to a website containing personal data, could be qualified as a data controller although the message itself would not contain any personal data. (MD)
The case can be found on http://www.rechtspraak.nl