Netherlands: Amsterdam Court of Appeal ordered X to disclose user data and clarified access rights in automated moderation decisions

On 14 April 2026, the Amsterdam Court of Appeal ordered X to provide a user with extensive access to their personal data under the General Data Protection Regulation, following an appeal concerning a temporary, automated account restriction that reduced the user’s visibility. The judgment clarifies the obligations of social media platforms and other platform intermediaries that process personal data and deploy automated decision-making systems. The Court held that internal system records, including moderation labels, advertising suitability classifications, spam and authenticity indicators, and account security logs, constitute personal data and must be disclosed, as they affect user visibility and treatment on the platform. It rejected X’s argument that these records are protected trade secrets, finding that such claims require a proportional balancing test and cannot justify a broad refusal of access, particularly where the data subject seeks to verify lawfulness and challenge automated decisions. The Court permitted only narrow redactions for employee identities and precise timestamps, while requiring disclosure of all other relevant data, including links between actions and specific posts. The judgment confirms that automated content moderation decisions fall within transparency and access obligations under the General Data Protection Regulation and upheld uncapped penalty payments to ensure compliance.