fbpx

Download free GDPR compliance checklist!

Tag Archives for " Netherlands "

Welfare surveillance system violates human rights, Dutch court rules 

A Dutch court has ordered the immediate halt of an automated surveillance system for detecting welfare fraud because it violates human rights, in a judgment likely to resonate well beyond the Netherlands.

The case was seen as an important legal challenge to the controversial but growing use by governments around the world of artificial intelligence (AI) and risk modelling in administering welfare benefits and other core services.

Source: Welfare surveillance system violates human rights, Dutch court rules | Technology | The Guardian

€114 Million in Fines Imposed by EU Authorities Under GDPR

New findings from DLA Piper show that 160,000 data breach notifications reported across 28 European Union Member States and data protection authorities have imposed €114 million in monetary fines under the GDPR for a wide range of infringements. Not all fines were related to data breach infringements, however.

In terms of the total value of fines issued by geographical region, France (€51m), Germany (€24.5m) and Austria (€18m) topped the rankings, whilst the Netherlands (40,647), Germany (37,636) and the UK (22,181) had the highest number of data breaches notified to regulators.

Source: €114m in Fines Imposed by Euro Authorities Under GDPR – Infosecurity Magazine

Carrefour’s fingerprint payments to be investigated by Belgian privacy agency

The Belgian Data Protection Authority has stated that there is “a good chance” it will investigate Carrefour’s fingerprint payment system.

The supermarket chain announced on Tuesday that it will organise a pilot project allowing clients to pay for their groceries with their fingerprints in a store in the centre of Brussels. The clients will be able to pay by scanning their finger at the cash register, after which the money will disappear from their bank account.

Source: Carrefour’s fingerprint payments to be investigated by Belgian privacy agency

Dutch Court Decides on Scope of GDPR Right of Access

In late December 2019, the Court of The Hague (Netherlands) published a preliminary reference procedure (see here , in Dutch). The Court was asked to decide on the scope of the right of access under the GDPR.

The Court also pointed out that the GDPR does not grant a right to obtain a copy of documents; it only grants a right to obtain a copy of personal data. In relation to documents that do not contain much personal information, such as the e-mails in question, the court held that it suffices to describe the data they contain.

Source: Dutch Court Decides on Scope of GDPR Right of Access

Dutch DPA fines company for not using 2FA

The Dutch Data Protection Authority imposed an order for incremental penalty payments of 150,000 euros per month with a maximum of 900,000 euros because the security level of the employer portal is not adequate.

A portal operated by UWV contains employee health data. DPA decided that because the UWV does not apply multi-factor authentication when granting access to the online employer portal, security is insufficient.

Source: AP forces UWV to better protect data with sanctions | Dutch Data Protection Authority

Dutch regulator sees potential privacy breach in Microsoft Windows

Microsoft is remotely collecting data from users of Windows Home and Windows Pro, in a potential breach of privacy rules, the Dutch Data Protection Agency (DPA) said on Tuesday.

The DPA said it had found the practices while it was testing privacy protection changes in Windows made last year by Microsoft at the agency’s request.

Source: Dutch regulator sees potential privacy breach in Microsoft Windows – Reuters

Court of Amsterdam decision demonstrates “threshold for use of fingerprints is high”

The Court of Amsterdam (‘the Court’) issued, on 15 August 2019, its decision on Case 7728204 CV VERZ 19-9686, where it upheld the choice of an employee of Manfield Schoenen BV, a retail company, who refused to provide their fingerprint for a newly introduced system of finger scan authorisation for cash registers.

The Decision highlights that Article 29 of the Act Implementing the GDPR (‘UAVG’) allows the processing of biometric data, such as fingerprints for the purpose of unique identification if the same is a necessity to fulfil authentication or security purposes. In addition, the Decision also notes that the processing of such biometric data is forbidden under Article 9(1) of the General Data Protection Regulation (GDPR).

Source: Netherlands: Court of Amsterdam decision demonstrates “threshold for use of fingerprints is high”

New DPIA on Microsoft Office and Windows software: still privacy risks remaining

Three new DPIAs, which Privacy Company has carried out for the central Dutch government, show that Microsoft has mitigated the eight previously identified privacy risks for Office 365 ProPlus through a combination of technical, organisational and contractual measures.

However, the new privacy conditions for the central Dutch government do not yet apply to the data processing via Windows 10 Enterprise or the mobile Office apps. Moreover, certain technical improvements that Microsoft has implemented in Office 365 ProPlus are not (yet) available in Office Online.

Therefore, SLM Rijk advises government institutions to, for the time being, refrain from using Office Online and the mobile Office apps, and to opt for the lowest possible level of data collection in Windows 10.

Full article: New DPIA on Microsoft Office and Windows software: still privacy risks remaining (long blog)

Dutch police facial recognition database includes 1.3 million people

A database used by the Dutch police for facial recognition technology currently includes 1.3 million people and 2.2 million photos.

A photo is added to the database if someone is suspected of committing a crime with a jail sentence of at least four years attached.

As yet, there is no real debate in the Netherlands about facial recognition technology, and what discussion there is takes place ‘behind the screen’.

Source: Dutch police facial recognition database includes 1.3 million people – DutchNews.nl

The Netherlands imposes first GDPR fine of EUR 460,000

The Dutch Data Protection Authority – Autoriteit Persoonsgegevens – has issued its first GDPR-fine of EUR 460,000. The fine is imposed on the Dutch Haga Hospital for having an insufficient internal security of patient records.

The hospital did not have in place two-factor authentication, which should have been the case when it comes to patient records. Also, while the hospital did control its logs (by a random check of six patient records per year), that this wasn’t sufficient to meet the requirement of ‘systematic, risk-oriented or intelligent control’, in particular considering the scale of data processing by the hospital.

Source: The Netherlands – First GDPR fine imposed: EUR 460,000

1 2 3 4
>