Case summary

Deciding Body
District Court of the Hague
Rechtbank den Haag
National case details
Date of decision: 05.02.20
Registration ID: C-09-550982
Instance: 1st Instance
Case status: Final
Area of law
Data protection

Relevant principles applied

Identification of the case

Fundamental rights involved
  • Respect for private and family life (art. 7 CFREU)
  • Protection of personal data (art. 8 CFREU)
National law sources
  • SUWI Act
EU law sources
  • General Data Protection Regulation
ECHR provisions
Article 8 ECHR

Summary of the case

Facts of the case

The Risk Indication System (SyRI) is an instrument used by the government to combat and prevent fraud in labour laws, social security and tax. According to the government, SyRI anonymises data and then analyses it in a secure environment, so that risk reports can be generated. Prior to data analysis, names, social security numbers and addresses, among other matters, are anonymised. The SUWI Act was amended on 1 January 2014 to give SyRI a legal basis, which can be found in art. 65 SUWI Act. The claimant contends that SyRI is incompatible with art. 8 ECHR and art. 7 and 8 CFREU, as well as the General Data Protection Regulation (GDPR), due to privacy infringements. The State contends this, arguing that SyRI’s decision making process is based on objective criteria and any infringement to privacy caused by SyRI is limited to what is strictly necessary.

Type of enforcement
  • Civil judicial enforcement
Measures, actions, remedies claimed/applied

Suspends art. 65 SUWI Act on the basis that it is incompatible with art. 8 ECHR.

Reasoning (legal principles applied)

The Court considers that it must assess whether SyRI is incompatible with art. 8 ECHR, art. 7 and 8 CFREU and articles 5, 6, 13, 14, 22 and 28 GDPR. Firstly, the Court notes the importance of combatting fraud in social security, especially as social security is paid for by the taxpayer. However, the Court also considers that lack of transparency in new technologies leads to less trust in the government by citizens. The effect of art. 8 ECHR means that the Netherlands as a Member State must carefully balance the benefits of new technologies with the right to privacy. The Court considers that SyRI does not strike this balance and is therefore incompatible with art. 8(2) ECHR, as it not necessary in a democratic society or proportional.

The Court considers that it must take into account the caselaw of the ECtHR when determining the scope of art. 8 ECHR. The Court notes that the ECtHR has brought respect for personal autonomy and personal development under the remit of art. 8 ECHR. Furthermore, the right to privacy is protected on an EU level by art. 7 CFREU and art. 8 CFREU, as well as the GDPR. It is considered that the Court should not apply a marginal test, but instead undertake a full review to determine whether SyRI is compliant with art. 8(2) ECHR.

The claimant argues that SyRI uses deep learning and the collection of large datasets to profile individuals. The State contends this, saying that SyRI merely uses decision trees. The Court considers that the secrecy around SyRI means that it cannot ascertain the extent of SyRI’s operations. However, art. 65 SUWI Act does allow for deep learning and datamining. Furthermore, taking into account the transparency principle, the purpose limitation principle and the principle of data minimization, the Court considers that the SyRI legislation is not sufficiently clear and thus is not necessary and proportionate under art. 8(2) ECHR. Neither the Court, nor individuals can ascertain the decision-making process of SyRI, which can lead to indirect discrimination. This can lead to unexpected biases which cannot be remedied or challenged by individuals, due to the secrecy surrounding SyRI. Furthermore, the large quantity of data which can be processed under art. 65 SUWI Act means that there is also an infringement of the data minimization principle.

Role of the Charter and role of the general principles on enforcement

Relation to scope of the Charter

This case concerned the right to privacy under art. 7 and art. 8 of the Charter. The Court considered that the protection offered by art. 8 ECHR is similar to the Charter, which is why it used the ECHR to test SyRI.

Relevant principles applied
  • Proportionality
Principle of proportionality

The Court had to determine whether the infringement to the right of privacy under art. 8 ECHR caused by SyRI, which is a Risk Indication System designed to prevent fraud, was proportionate to the aim of combatting fraud in social security payments.

Elements of judicial dialogue

Vertical dialogue type
  • Direct dialogue between CJEU/ECtHR and National court (out of preliminary reference procedure)
Cited ECtHR
  • S and Marper v United Kingdom [2008] ECHR 1581
Purposes of using judicial dialogue

To solve a conflict between national law and the ECHR.

Expected effects of judicial dialogue

Legislative reform.

Additional notes on the decision

External links

Case author

Sil van Kordelaar, University of Bristol

Published by Chiara Patera on 12 March 2020