- The case centered on whether the Tax and Customs Administration adequately clarified how it searched for a citizen’s personal data under the General Data Protection Regulation (GDPR), as the citizen sought insight into data processed in the Fraud Detection Facility (FSV) and other systems.
- The District Court of The Hague found the Tax and Customs Administration’s explanation insufficient, ruling that a general overview of its ICT landscape did not demonstrate that searching all approximately 970 systems was disproportionately burdensome, and ordered a new decision that specifies which systems were searched.
- The court dismissed the citizen’s claims about the existence of similar unknown systems to the FSV, citing a lack of concrete evidence, and ruled itself incompetent to address compensation claims related to data processing, directing such claims to be filed in civil court instead.
Source BTW jurisprudentie