Fox Rothschild LLP (JD Supra Netherlands)

Tell me, don’t sell me, the GDPR version. The Dutch Data Protection Authority (AP) has imposed a fine of 525,000 euros on tennis association KNLTB for selling personal data without proper consent.

How compliant is that cookie in the window? The Dutch Data Protection Authority (AP) carried out a check on approximately 175 websites of web shops, municipalities and media, among other things, to determine whether they met the requirements for placing tracking cookies.

The Dutch DPA has issued guidance on the use of “legitimate interest” as a legal basis for processing data under GDPR. Key takeaways on what constitutes “legitimate”: The interest needs to be pursuant to a written or unwritten legal principle.

Who is responsible for putting a GDPR Article 28 Data Processing Agreement in place? Dutch Data Protection Authority, Autoreitpersoonsgegevens, says: BOTH the data controller and the data processor.

The Dutch Data Protection Authority has levied a fine of 460,000 euros on Haga Hospital for insufficient security following an investigation revealing that dozens of hospital staff had unnecessarily checked the medical records of a well-known Dutch person. In addition, if the hospital has not improved security before October 2, 2019, it must pay 100,000 euros every two weeks, up to a maximum...

How do you verify the identity of an individual requesting access to their data or that data be deleted? The Dutch Data Protection Authority, Autoriteitpersoonsgegevens, offers guidance which can be helpful and instructive not only for GDPR but for CCPA as well:

The Dutch Data Protection Authority makes six recommendations on drafting your data protection policy, based on its audits of privacy policies of blood banks, IVF clinics and political parties. A good data protection policy shows the individuals and the Supervisory Authority that it complies with GDPR.

Cookies and trackers sat on a wall, cookies and trackers had a great fall… Dutch data protection authority, Autoreitpersoonsgegevens (AP), holds that the practice of a cookie banner that does not allow you to enter a website unless you accept tracking cookies (known as a “cookie wall”) is not permissible under the EU General Data Protection Regulation (GDPR).

Does your company have the data processing agreements required by the EU General Data Protection Regulation (GDPR) when it engages third parties to assist with its data processing activities? The Dutch data protection authority recently asked this question of 30 companies in the energy, media and trade sectors.

In recent art world news, recent restitution efforts of the Netherlands for returning looted art have come under scrutiny. Some international critics assert that Dutch policies for restitution of looted art have become stricter once again.