fbpx

Download free GDPR compliance checklist!

Tag Archives for " Netherlands "

The Netherlands DPA imposes EUR 830,000 fine for access request fees

On the 6 th of July 2020, the Dutch Data Protection Authority  published its decision to impose a fine of 830,000 EUR on Stichting Bureau Krediet Registratie (BKR).

BKR keeps an electronic file of the loans and debts people have in the Netherlands, stored in a central database. The fine has been imposed due to the fact that BKR’s procedure for data subjects to obtain access to their personal data was not in line with GDPR.

Source: The Netherlands – DPA imposes EUR 830,00 fine for access request fees

Long before the Coronavirus emergency law, Netherlands Central Bureau of Statistics had been tracking civilian mobile phones

An emergency law of the cabinet must regulate that the government can monitor the mobile phones of citizens in the Netherlands for the fight against COVID-19, but it now appears that the Central Bureau of Statistics (CBS) previously did this on a large scale.

Together with Vodafone, Statistics Netherlands recorded how many people visited King’s Day 2018 in Amsterdam and where they came from. The Dutch Data Protection Authority (AP) is therefore examining whether the statistical office has thereby violated the law.

Source: Lang voor de coronaspoedwet volgde het CBS al telefoons van burgers – NRC

TikTok subject of Dutch data protection probe

The watchdog say they will “examine whether TikTok adequately protects the privacy of Dutch children”.

The probe will examine whether TikTok adequately protects the privacy of children under Dutch law and the European Union’s General Data Protection Regulation. Authorities are also examining whether the app requires parental consent for TikTok to collect and use data on its young users.

Source: TikTok subject of Dutch data protection probe | Euronews

Dutch DPA imposes fine on employer processing fingerprints of employees

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) issued a fine of EUR 725,000 for a company unlawfully processing fingerprints of its employees for attendance and time registration purposes.

The Dutch DPA concluded that the company in question did not have appropriate legal basis for processing fingerprints. First of all, the employer was not able to provide prove of having obtained explicit consent of employees.

Secondly, the Dutch DPA concluded that the “necessity” exception can only be relied upon when buildings and information systems need to be secured in such a way that this cannot be done without using (only) biometrics.

Source: The Netherlands: Fine imposed on employer processing fingerprints of employees

Netherlands court rules that violation of GDPR does not automatically result in damages

The Netherlands Advisory Division of the Council of State overruled the decision of a lower instance to award the claimant €500 for damages, detailing that a mere violation of a fundamental right does not automatically result in damages.

The Council of State decided that in line with the Dutch Civil Code, the burden of proof is on the claimant to demonstrate they suffered damages, and that in the case at hand the claimant had failed to prove that the bar of actual harm had been reached.

Source: Netherlands: Council of State overrules order to award GDPR damages | DataGuidance

Dutch DPA fines Tennis Association EUR 525,000

The Dutch DPA imposed a fine of EUR 525,000 on tennis association KNLTB for selling the personal data of its Members.

In 2018, KNLTB unlawfully provided personal data of a few thousand of its members to two sponsors. Data included name, gender and address, so that they could approach a selection of KNLTB members with tennis-related and other offers. One sponsor received personal data from 50,000, the other from more than 300,000 members. The sponsors approached some of those KNLTB members by post or telephone.

Source: Dutch DPA fines Tennis Association

Welfare surveillance system violates human rights, Dutch court rules 

A Dutch court has ordered the immediate halt of an automated surveillance system for detecting welfare fraud because it violates human rights, in a judgment likely to resonate well beyond the Netherlands.

The case was seen as an important legal challenge to the controversial but growing use by governments around the world of artificial intelligence (AI) and risk modelling in administering welfare benefits and other core services.

Source: Welfare surveillance system violates human rights, Dutch court rules | Technology | The Guardian

€114 Million in Fines Imposed by EU Authorities Under GDPR

New findings from DLA Piper show that 160,000 data breach notifications reported across 28 European Union Member States and data protection authorities have imposed €114 million in monetary fines under the GDPR for a wide range of infringements. Not all fines were related to data breach infringements, however.

In terms of the total value of fines issued by geographical region, France (€51m), Germany (€24.5m) and Austria (€18m) topped the rankings, whilst the Netherlands (40,647), Germany (37,636) and the UK (22,181) had the highest number of data breaches notified to regulators.

Source: €114m in Fines Imposed by Euro Authorities Under GDPR – Infosecurity Magazine

Carrefour’s fingerprint payments to be investigated by Belgian privacy agency

The Belgian Data Protection Authority has stated that there is “a good chance” it will investigate Carrefour’s fingerprint payment system.

The supermarket chain announced on Tuesday that it will organise a pilot project allowing clients to pay for their groceries with their fingerprints in a store in the centre of Brussels. The clients will be able to pay by scanning their finger at the cash register, after which the money will disappear from their bank account.

Source: Carrefour’s fingerprint payments to be investigated by Belgian privacy agency

Dutch Court Decides on Scope of GDPR Right of Access

In late December 2019, the Court of The Hague (Netherlands) published a preliminary reference procedure (see here , in Dutch). The Court was asked to decide on the scope of the right of access under the GDPR.

The Court also pointed out that the GDPR does not grant a right to obtain a copy of documents; it only grants a right to obtain a copy of personal data. In relation to documents that do not contain much personal information, such as the e-mails in question, the court held that it suffices to describe the data they contain.

Source: Dutch Court Decides on Scope of GDPR Right of Access

1 2 3 5
>