Case summary

Deciding Body
Administrative Jurisdiction Division of the Council of State of the Netherlands
Afdeling bestuursrechtspraak Nederlandse Raad van State
Netherlands
National case details
Date of decision: 02.04.20
Registration ID: 201901006/1/A2
Instance: Appellate on fact and law
Case status: Final
Area of law
Data protection

Other
Relevant principles applied
Effectiveness

Life-cycle diagram

  1. 19 December 2018

    District Court Gelderland

  2. 1 April 2020

    Administrative Jurisdiction Division of the Council of State

Identification of the case

Fundamental rights involved
  • Right to an effective remedy and to a fair trial (art. 47 CFREU)
National law sources
  • Article 8:88 General Administrative Law Act jo. Article 34 Dutch GDPR Implementation Act
EU law sources
  • Articles 15 to 22, 79, 82, and Article 99(3), of the General Data Protection Regulation (GDPR)
  • Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
  • CFREU, article 47

Summary of the case

Facts of the case

The appellant in this case claims compensation for the unlawful transfer of his medical data to the Healthcare Disciplinary Board. From the prevailing privacy legislation (since 25 May 2018 the GDPR and the Dutch GDPR Implementation Act), the Administrative Jurisdiction Division of the Council of State (Division) understands that it must be possible to appeal to both the administrative and civil courts 'to submit a claim to compensation for damage as a result of a breach of the GDPR by an administrative body.’ In such a case, however, the administrative court must follow the rules laid down in Article 6:106 of the Civil Code and the case law of the Supreme Court.

Type of enforcement
  • Administrative judicial enforcement
Measures, actions, remedies claimed/applied

The Division judges that there is - in this type of cases about claiming damages - a choice possible between the civil court and the administrative court. However, the administrative court must then apply the criteria from the Dutch Civil Code for compensation (in this case the rules for compensation of non-material damages laid down in article 6:106 DCC) and follow on this matter the case law of the Supreme Court, which is the highest civil court in the Netherlands. But the Division is only competent for damages up to € 25.000,- and the civil court is also competent for damages exceeding € 25,000.

The Division comes to this judgment in four different cases (the other three cases are: ECLI:NL:RVS:2020:899, ECLI:NL:RVS:2020:900 and ECLI:NL:RVS:2020:901). The Division rules that only in the first case, the man whose medical data has been sent to the disciplinary court, is entitled to compensation of non-material damages. His privacy has been violated in such a way that justifies compensation of € 500, taken into account the fact that this information only came to a small group of professionals with professional secrecy.

Reasoning (legal principles applied)

The Division considers that the GDPR is directly applicable in every Member State (Article 99(3) GDPR). The claim for compensation in the event of acting contrary to the GDPR arises directly from the GDPR itself (Article 82(6) GDPR jo. Article 79(2) GDPR). In the absence of EU procedural rules it is settled case-law of the ECJ that it is for the Member States to designate the competent judicial authorities and to apply their national procedural law in cases of enforcement of Union law (see judgment in 16 December 1976, C-33/76, Rewe, ECLI:EU:C:1976:188, and Judgment of 13 July 2006, C-295/04 - 298/04, Manfredi, ECLI:EU:C:2006:461 point 62). A procedural rule must (inter alia) comply with the principle of effective judicial protection, as set out in Article 47 Charter of the fundamental rights of the EU (Charter) (see judgments of the Court of Justice of 18 March 2010, C-317/08, C-318/08, C-319/08 and C-320/08, Alassini and Others, ECLI:EU:C:2010:146). The Division infers from Article 8:88 General Administrative Law Act jo. Article 34 Dutch GDPR Implementation Act that it has been the intention of the national legislator that the same judge, which rules on, inter alia, decisions of administrative bodies, on a request as referred to in Articles 15 to 22 GDPR, may also be asked to rule on the reimbursement of related damages. The Division finds this in the interest of concentration of legal protection and therefore also in the interest of an effective legal protection as stipulated in Article 47 Charter (effectiveness principle). This means that in these cases a litigant has a choice whom to ask for damages: the administrative judge or the civil law judge. With this restriction that a litigant can only bring a claim for damages over € 25.000,- before the civil law judge.

Role of the Charter and role of the general principles on enforcement

Reference to national provisions

The case deals with the application of EU-law. Pursuant to Article 51(1) of the Charter, the Charter is applicable.

Relevance of CFREU and ECHR articles or related rights

• Explicit reference to Art. 47, CFREU (right to an effective remedy and a fair trial)

• Right to an effective remedy before a tribunal

A procedural rule - in this case which court is competent - must (inter alia) comply with the principle of effective judicial protection, as set out in Article 47 Charter of the fundamental rights of the EU (Charter) (see judgments of the Court of Justice of 18 March 2010, C-317/08, C-318/08, C-319/08 and C-320/08, Alassini and Others, ECLI:EU:C:2010:146).

Relevant principles applied
  • Effectiveness
Principle of effectiveness

In the absence of EU procedural rules it is settled case-law of the ECJ that it is for the Member States to designate the competent judicial authorities and to apply their national procedural law in cases of enforcement of Union law (see judgment in 16 December 1976, C-33/76, Rewe, ECLI:EU:C:1976:188, and Judgment of 13 July 2006, C-295/04 - 298/04, Manfredi, ECLI:EU:C:2006:461 point 62). A procedural rule must (inter alia) comply with the principle of effective judicial protection, as set out in Article 47 Charter of the fundamental rights of the EU (Charter) (see judgments of the Court of Justice of 18 March 2010, C-317/08, C-318/08, C-319/08 and C-320/08, Alassini and Others, ECLI:EU:C:2010:146). Finally, the Division infers from Article 8:88 General Administrative Law Act jo. Article 34 Dutch GDPR Implementation Act that it has been the intention of the national legislator that the same judge, which rules on, inter alia, decisions of administrative bodies, on a request as referred to in Articles 15 to 22 GDPR, may also be asked to rule on the reimbursement of related damages.

Elements of judicial dialogue

Vertical dialogue type
  • Dialogue between high court - lower instance court at national level
Cited CJEU
  • CJEU C-33/76, Rewe
  • CJEU C-295/04 - 298/04, Manfredi
  • CJEU C-317/08, C-318/08, C-319/08 and C-320/08, Alassini and Others
Dialogue techniques

Conform interpretation with EU law as interpreted by the CJEU.

Purposes of using judicial dialogue

To solve a conflict between different trends of national case law.

Expected effects of judicial dialogue

From now on there is a choice possible for the litigant between the civil court and the administrative court in cases with a compensation for damages as a result of a breach of the GDPR by an administrative body. However, the administrative court must then apply the criteria from the Dutch Civil Code for compensation (DCC 6:106) and follow on this matter the case law of the Supreme Court, which is the highest civil court in the Netherlands. Only the civil court is competent for damages of more than € 25,000.

Additional notes on the decision

Impact on national case law

The lower (District) Courts will have to abide to the outcome of this judgment.

Other notes

The Division comes to this judgment in four different cases (the other three cases are: ECLI:NL:RVS:2020:899, ECLI:NL:RVS:2020:900 and ECLI:NL:RVS:2020:901). The Division rules that only in the first case, the man whose medical data has been sent to the disciplinary court, is entitled to compensation. His privacy has been violated in such a way that justifies compensation of € 500, taken into account the fact that this information only came to a small group of professionals with professional secrecy.

External links

Case author

Sandra Lange, Aniel Pahladsingh, Simon Peers, Council of State of the Netherlands (Raad van State)

Published by Chiara Patera on 15 July 2020