fbpx

Free tools and resources for Data Protection Officers!

Tag Archives for " Netherlands "

New DPIA on Microsoft Office and Windows software: still privacy risks remaining

Three new DPIAs, which Privacy Company has carried out for the central Dutch government, show that Microsoft has mitigated the eight previously identified privacy risks for Office 365 ProPlus through a combination of technical, organisational and contractual measures.

However, the new privacy conditions for the central Dutch government do not yet apply to the data processing via Windows 10 Enterprise or the mobile Office apps. Moreover, certain technical improvements that Microsoft has implemented in Office 365 ProPlus are not (yet) available in Office Online.

Therefore, SLM Rijk advises government institutions to, for the time being, refrain from using Office Online and the mobile Office apps, and to opt for the lowest possible level of data collection in Windows 10.

Full article: New DPIA on Microsoft Office and Windows software: still privacy risks remaining (long blog)

Dutch police facial recognition database includes 1.3 million people

A database used by the Dutch police for facial recognition technology currently includes 1.3 million people and 2.2 million photos.

A photo is added to the database if someone is suspected of committing a crime with a jail sentence of at least four years attached.

As yet, there is no real debate in the Netherlands about facial recognition technology, and what discussion there is takes place ‘behind the screen’.

Source: Dutch police facial recognition database includes 1.3 million people – DutchNews.nl

The Netherlands imposes first GDPR fine of EUR 460,000

The Dutch Data Protection Authority – Autoriteit Persoonsgegevens – has issued its first GDPR-fine of EUR 460,000. The fine is imposed on the Dutch Haga Hospital for having an insufficient internal security of patient records.

The hospital did not have in place two-factor authentication, which should have been the case when it comes to patient records. Also, while the hospital did control its logs (by a random check of six patient records per year), that this wasn’t sufficient to meet the requirement of ‘systematic, risk-oriented or intelligent control’, in particular considering the scale of data processing by the hospital.

Source: The Netherlands – First GDPR fine imposed: EUR 460,000

Duch privacy watchdog warns banks not to use payments for marketing

On Wednesday Duch data protection authority – Autoriteit Persoonsgegevens –  announced that banks should not offer their customers products on the basis of their confidential spending patterns. It added that all banks ‘should therefore take a good look at their policies around direct marketing.’

It its letter, it warns that certain transactions are considered particularly sensitive in terms of privacy law, such as payments to ‘hospitals, pharmacies, casinos, sex clubs….religious groups [and political parties]’ and that bank clients have an expectation of privacy.

Source: Look away: privacy watchdog warns banks not to use payments for marketing – DutchNews.nl – Live

Dutch DPA Issues Opinion on Use of Cookie Walls

Recently, the Dutch Data protection Authority has taken the position that the use of so-called “cookie walls,” whereby website access is made conditional upon the provision of consent to tracking cookies, is not compliant with the EU General Data Protection Regulation (GDPR).

According to the Dutch SA, use of online tracking technology is one of the most invasive data processing activities considering that virtually everyone is active on the internet and therefore potentially subject to online tracking. It is therefore key to obtain valid consent from website users before engaging in any tracking activity. nd such consent shall meet GDPR requirements.

Source: Dutch Supervisory Authority Opines on Use of Cookie Walls

Dutch DPA Issues Guidelines on Privacy Policies Following Investigation

On April 17, 2019, the Dutch Data Protection Authority issued six recommendations for companies, to be taken into account when drafting privacy policies.

The published recommendations follow the Dutch DPA’s investigation of companies’ privacy policies. The investigation focused on companies that process sensitive personal data, including health data and data related to individuals’ political beliefs.

Full article: Dutch DPA Issues Guidelines on Privacy Policies Following Investigation | Privacy & Information Security Law Blog

Dutch DPA Issues Guidelines on Privacy Policies Following Investigation

On April 17, 2019, the Dutch Data Protection Authority, the Autoriteit Persoonsgegevens (the “Dutch DPA”) issued six recommendations (in Dutch) for companies, to be taken into account when drafting privacy policies.

The published recommendations follow the Dutch DPA’s investigation of companies’ privacy policies. The investigation focused on companies that process sensitive personal data, including health data and data related to individuals’ political beliefs.

Source: Dutch DPA Issues Guidelines on Privacy Policies Following Investigation

Netherlands wants easier sharing of info about criminals

It has to become easier to share information about criminals, regardless of strict privacy rules, Minister Ferdinand Grapperhaus of Justice and Security said to the Telegraaf in an interview.

The Minister said that he will present a proposal to make the sharing of information about criminals and criminal activity a bit easier. While calling for a more intensified approach to drug trafficking earlier this week, Mayor Aboutaleb noted how difficult it is to share information about suspected criminals with other municipalities.

Source: Sharing info about criminals must be easier, Justice Min. says | NL Times

The Netherlands DPA states cookie wall not allowed

On 7 March 2019, the Dutch Data Protection Authority (DPA) created quite some buzz in the online Dutch (advertising) industry: websites that only give visitors access to their site if they agree to tracking cookies (or similar technologies) do not comply with the GDPR.

This also means that the so-called cookie walls that are placed on websites, preventing visitors access to websites if they do not consent to tracking cookies, are not allowed in the view of the Dutch DPA.

Source: The Netherlands: S.A. states that websites must be accessible at all times; cookie wall not allowed

Dutch Data Protection Authority received record amount of data breach notifications in 2018

Dutch Data Protection Authority received record amount of data breach notifications in 2018. Earlier today, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) issued a press release stating that it received 20,881 notifications of data breaches in 2018.

In comparison to 2017, the amount of data breach notifications has (more than) doubled.

Source: NETHERLANDS: Dutch Data Protection Authority received record amount of data breach notifications in 2018. Earlier today…

>