fbpx

Download free GDPR compliance checklist!

Tag Archives for " Netherlands "

Dutch “Data Pro Code” Approved

On August 27, 2020, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) announced it approved the “Data Pro Code,” a code of conduct drafted by industry association NLdigital.

This Code is the first code of conduct approved by the Dutch DPA under the EU General Data Protection Regulation (GDPR). The Code includes, among other things, a series of practical GDPR compliance tools, such as the “Data Pro Statement” that companies may use to inform potential customers of the data protection safeguards they have in place.

Source: Dutch “Data Pro Code” Approved

Italy tops GDPR penalty list with €46m worth of fines this year

Businesses operating within the European Union have been hit with a total of €68 million in fines relating to GDPR breaches so far in 2020.

Over €45 million of that came from Italian-owned companies, as result of 13 separate investigations. Sweden came in second, with €7.3 million in fines from 4 cases, while the Netherlands were ranked third with €2.8 million worth of penalties.

Source: Italy tops GDPR penalty list with €46m worth of fines this year | IT PRO

Dutch DPA finds Methods used by Tax and Customs Administration unlawful and discriminatory

The Benefits Office of the Dutch Tax and Customs Administration should not have processed the (dual) nationality of childcare benefit applicants in the way it did for many years.

According to the results of the Data Protection Authority’s investigation, this practice was unlawful and discriminatory, and a serious and improper breach of the General Data Protection Regulation (GDPR).

Source: Dutch DPA: Methods used by Dutch Tax and Customs Administration unlawful and discriminatory

Consumer privacy group files privacy breach court case against Oracle and Salesforce

A Dutch consumer privacy group has brought a class action claim against tech giants Oracle and Salesforce, alleging that their involvement in placing third party cookies to help track and target internet users with adverts breaches privacy laws.

The Privacy Collective, a non-for-profit foundation, claims that the tech giants are effectively using Dutch customer data without their explicit consent and has taken them to court, claiming at least €10bn in damages. A similar case, also fully funded by Innsworth litigation funder, is set to be filed in England and Wales.

Source: Consumer privacy group files privacy breach court case against Oracle and Salesforce – DutchNews.nl

The Netherlands DPA imposes EUR 830,000 fine for access request fees

On the 6 th of July 2020, the Dutch Data Protection Authority  published its decision to impose a fine of 830,000 EUR on Stichting Bureau Krediet Registratie (BKR).

BKR keeps an electronic file of the loans and debts people have in the Netherlands, stored in a central database. The fine has been imposed due to the fact that BKR’s procedure for data subjects to obtain access to their personal data was not in line with GDPR.

Source: The Netherlands – DPA imposes EUR 830,00 fine for access request fees

Long before the Coronavirus emergency law, Netherlands Central Bureau of Statistics had been tracking civilian mobile phones

An emergency law of the cabinet must regulate that the government can monitor the mobile phones of citizens in the Netherlands for the fight against COVID-19, but it now appears that the Central Bureau of Statistics (CBS) previously did this on a large scale.

Together with Vodafone, Statistics Netherlands recorded how many people visited King’s Day 2018 in Amsterdam and where they came from. The Dutch Data Protection Authority (AP) is therefore examining whether the statistical office has thereby violated the law.

Source: Lang voor de coronaspoedwet volgde het CBS al telefoons van burgers – NRC

TikTok subject of Dutch data protection probe

The watchdog say they will “examine whether TikTok adequately protects the privacy of Dutch children”.

The probe will examine whether TikTok adequately protects the privacy of children under Dutch law and the European Union’s General Data Protection Regulation. Authorities are also examining whether the app requires parental consent for TikTok to collect and use data on its young users.

Source: TikTok subject of Dutch data protection probe | Euronews

Dutch DPA imposes fine on employer processing fingerprints of employees

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) issued a fine of EUR 725,000 for a company unlawfully processing fingerprints of its employees for attendance and time registration purposes.

The Dutch DPA concluded that the company in question did not have appropriate legal basis for processing fingerprints. First of all, the employer was not able to provide prove of having obtained explicit consent of employees.

Secondly, the Dutch DPA concluded that the “necessity” exception can only be relied upon when buildings and information systems need to be secured in such a way that this cannot be done without using (only) biometrics.

Source: The Netherlands: Fine imposed on employer processing fingerprints of employees

Netherlands court rules that violation of GDPR does not automatically result in damages

The Netherlands Advisory Division of the Council of State overruled the decision of a lower instance to award the claimant €500 for damages, detailing that a mere violation of a fundamental right does not automatically result in damages.

The Council of State decided that in line with the Dutch Civil Code, the burden of proof is on the claimant to demonstrate they suffered damages, and that in the case at hand the claimant had failed to prove that the bar of actual harm had been reached.

Source: Netherlands: Council of State overrules order to award GDPR damages | DataGuidance

Dutch DPA fines Tennis Association EUR 525,000

The Dutch DPA imposed a fine of EUR 525,000 on tennis association KNLTB for selling the personal data of its Members.

In 2018, KNLTB unlawfully provided personal data of a few thousand of its members to two sponsors. Data included name, gender and address, so that they could approach a selection of KNLTB members with tennis-related and other offers. One sponsor received personal data from 50,000, the other from more than 300,000 members. The sponsors approached some of those KNLTB members by post or telephone.

Source: Dutch DPA fines Tennis Association

1 2 3 5
>