The right of inspection is intended to ensure that a person can check whether personal data about him/her is being processed and whether it is being processed properly. If the right of inspection is used for any other purpose, there may be an abuse of right. Dutch courts have already ruled several times under the Personal Data Protection Act that a right of inspection request need not be complied with in the event of an abuse of right. A recent ruling continues this line under the AVG.
Abuse of the right of inspection is difficult to establish because the applicant is not required to give a reason for his or her inspection request. As a result, the burden of proof that the right has been abused lies with the party responsible. Substantial access requests aimed at forcing costs on the party responsible may constitute an abuse of rights. There can also be abuse of rights in the case of fishing expeditions aimed at improving a litigation position, while the accuracy and lawfulness of the processing are not at issue.
In a 2016 case, the District Court of Gelderland (RO 2.13) ruled that it could be inferred from the circumstances (the applicant's intended use of the results of his inspection request in liability proceedings) that the applicant was not concerned with establishing the accuracy of the personal data processed and rejected the inspection request.
Similar reasoning was followed by the District Court of The Hague in the well-known TGB case (see RO 3.10). The Court found that the applicant was concerned with gathering evidence in another proceeding. The court therefore rejected the inspection request. [Unfortunately for TGB, the Autoriteit Persoonsgegevens ("AP") did not consider itself bound by this ruling (see recitals 21 to 33 of the AP' s decision imposing an order for periodic penalty payments)].
According to a recent case before the District Court of Northern Netherlands, the AVG has not changed this judicial interpretation of the right of inspection. This follows from the following consideration by the court in that case: "Insofar as it must be found that the plaintiff is ultimately not concerned with the accuracy of actual personal data concerning him that appear on those data carriers, but the plaintiff is concerned with obtaining information that he wants to use in any other proceedings, the court is of the opinion that this constitutes an abuse of the right." (RO 6)
The conclusion is that a manifestly improper request for inspection under the AVG need not be honored automatically. The controller must then be able to sufficiently demonstrate that the requester is not concerned with being able to verify the lawfulness of the processing of his personal data (recital 63 AVG). Proving this abuse, however, is not easy.
This article can also be found in the AVG file
