Policy Observatory

The Dutch Data Protection Authority (DPA) imposed a conditional fine on Facebook because it had not provided a part of the information that the Dutch DPA has formally demanded as part of its investigation. The investigation focuses on the privacy conditions of the social media company. The Dutch DPA needs the requested information from Facebook, amongst others, to determine its competence and the applicability of the Dutch data protection act. Facebook indicated to provide the further information regarding the set of questions that concerns the competence of the Dutch DPA and the applicability of the Dutch data protection act. The Dutch DPA will assess the information and has therefore temporarily suspended the conditional fine.

The Dutch Senate passed a new law adding a new provision article 34.a to the Dutch data protection law Wet Bescherming Persoonsgegevens, which introduces an obligation to notify the Dutch DPA ‘without delay’ in case of a data breach and the related data subjects, broadens the powers of the Dutch DPA with significantly higher fines for a wide range of privacy violations, sets out the exemption conditions for data breach duty on taking active measures to make the such data incomprehensible and inaccessible, and changes the name of Dutch DPA to Autoriteit Persoonsgegevens (Personal Data Authority).

Jacob Kohnstamm, the Chairman of the Dutch Data Protection Authority (Dutch DPA), presented the annual report 2014 to the Standing Committee on Security and Justice of the House of Representatives. The main themes of this report are data profiling, decentralisation (the delegation of tasks from the central government and the provinces to the municipalities) and the processing of personal data in the area of employment.

The DPA received various signals that employment agencies appeared to be violating the privacy of temporary workers. In a temporary employment relationship the agency acts as the employer of the temporary worker. For these reasons, the DPA decided to carry out an investigation in respect of two large employment agencies regarding their compliance with the Dutch Data Protection Act. According to the DPA, the investigations confirmed that the employment agencies are violating data protection laws on various points, including processing of ID copies, over recording data relating to illness and incapacity to work, handling criminal antecedents and religious symbols, and illegal data retention, etc.