Tag Archives for " Netherlands "

Dutch DPA fines company for not using 2FA

The Dutch Data Protection Authority imposed an order for incremental penalty payments of 150,000 euros per month with a maximum of 900,000 euros because the security level of the employer portal is not adequate.

A portal operated by the UWV contains employee health data. The DPA decided that because the UWV does not apply multi-factor authentication when granting access to the online employer portal, security is insufficient.

Source: AP forces UWV to better protect data with sanctions | Dutch Data Protection Authority

Dutch regulator sees potential privacy breach in Microsoft Windows

Microsoft is remotely collecting data from users of Windows Home and Windows Pro, in a potential breach of privacy rules, the Dutch Data Protection Agency (DPA) said on Tuesday.

The DPA said it had found the practices while it was testing privacy protection changes in Windows made last year by Microsoft at the agency’s request.

Source: Dutch regulator sees potential privacy breach in Microsoft Windows – Reuters

Court of Amsterdam decision demonstrates “threshold for use of fingerprints is high”

The Court of Amsterdam (‘the Court’) issued, on 15 August 2019, its decision on Case 7728204 CV VERZ 19-9686, where it upheld the choice of an employee of Manfield Schoenen BV, a retail company, who refused to provide their fingerprint for a newly introduced system of finger scan authorisation for cash registers.

The Decision highlights that Article 29 of the Act Implementing the GDPR (‘UAVG’) allows the processing of biometric data, such as fingerprints, for the purpose of unique identification if this is necessary for authentication or security purposes. The Decision also notes that the processing of such biometric data is forbidden under Article 9(1) of the General Data Protection Regulation (GDPR).

Source: Netherlands: Court of Amsterdam decision demonstrates “threshold for use of fingerprints is high”

New DPIA on Microsoft Office and Windows software: still privacy risks remaining

Three new DPIAs, which Privacy Company has carried out for the central Dutch government, show that Microsoft has mitigated the eight previously identified privacy risks for Office 365 ProPlus through a combination of technical, organisational and contractual measures.

However, the new privacy conditions for the central Dutch government do not yet apply to the data processing via Windows 10 Enterprise or the mobile Office apps. Moreover, certain technical improvements that Microsoft has implemented in Office 365 ProPlus are not (yet) available in Office Online.

Therefore, SLM Rijk advises government institutions to, for the time being, refrain from using Office Online and the mobile Office apps, and to opt for the lowest possible level of data collection in Windows 10.

Full article: New DPIA on Microsoft Office and Windows software: still privacy risks remaining (long blog)

Dutch police facial recognition database includes 1.3 million people

A database used by the Dutch police for facial recognition technology currently includes 1.3 million people and 2.2 million photos.

A photo is added to the database if someone is suspected of committing a crime with a jail sentence of at least four years attached.

As yet, there is no real debate in the Netherlands about facial recognition technology, and what discussion there is takes place ‘behind the screen’.

Source: Dutch police facial recognition database includes 1.3 million people – DutchNews.nl

The Netherlands imposes first GDPR fine of EUR 460,000

The Dutch Data Protection Authority – Autoriteit Persoonsgegevens – has issued its first GDPR fine of EUR 460,000. The fine is imposed on the Dutch Haga Hospital for having insufficient internal security of patient records.

The hospital did not have in place two-factor authentication, which should have been the case when it comes to patient records. Also, while the hospital did control its logs (by a random check of six patient records per year), this wasn’t sufficient to meet the requirement of ‘systematic, risk-oriented or intelligent control’, in particular considering the scale of data processing by the hospital.

Source: The Netherlands – First GDPR fine imposed: EUR 460,000

Dutch privacy watchdog warns banks not to use payments for marketing

On Wednesday the Dutch data protection authority – Autoriteit Persoonsgegevens – announced that banks should not offer their customers products on the basis of their confidential spending patterns. It added that all banks ‘should therefore take a good look at their policies around direct marketing.’

In its letter, it warns that certain transactions are considered particularly sensitive in terms of privacy law, such as payments to ‘hospitals, pharmacies, casinos, sex clubs….religious groups [and political parties]’ and that bank clients have an expectation of privacy.

Source: Look away: privacy watchdog warns banks not to use payments for marketing – DutchNews.nl – Live

Dutch DPA Issues Opinion on Use of Cookie Walls

Recently, the Dutch Data Protection Authority has taken the position that the use of so-called “cookie walls,” whereby website access is made conditional upon the provision of consent to tracking cookies, is not compliant with the EU General Data Protection Regulation (GDPR).

According to the Dutch SA, use of online tracking technology is one of the most invasive data processing activities considering that virtually everyone is active on the internet and therefore potentially subject to online tracking. It is therefore key to obtain valid consent from website users before engaging in any tracking activity. And such consent shall meet GDPR requirements.

Source: Dutch Supervisory Authority Opines on Use of Cookie Walls

Dutch DPA Issues Guidelines on Privacy Policies Following Investigation

On April 17, 2019, the Dutch Data Protection Authority issued six recommendations for companies, to be taken into account when drafting privacy policies.

The published recommendations follow the Dutch DPA’s investigation of companies’ privacy policies. The investigation focused on companies that process sensitive personal data, including health data and data related to individuals’ political beliefs.

Full article: Dutch DPA Issues Guidelines on Privacy Policies Following Investigation | Privacy & Information Security Law Blog

Dutch DPA Issues Guidelines on Privacy Policies Following Investigation

On April 17, 2019, the Dutch Data Protection Authority, the Autoriteit Persoonsgegevens (the “Dutch DPA”) issued six recommendations (in Dutch) for companies, to be taken into account when drafting privacy policies.

The published recommendations follow the Dutch DPA’s investigation of companies’ privacy policies. The investigation focused on companies that process sensitive personal data, including health data and data related to individuals’ political beliefs.

Source: Dutch DPA Issues Guidelines on Privacy Policies Following Investigation
