Netherlands

Summary

Law: Act Implementing the GDPR (in Dutch here) (an unofficial English version of the Act is available here) (the Act) and the General Data Protection Regulation (Regulation (EU) 2016/679)

Regulator: Dutch data protection authority (AP)

Summary: The Netherlands implemented the GDPR in 2018 through the Act Implementing the GDPR (available in Dutch here) (an unofficial English version of the Act is available here) (the Act). The Netherlands had utilised its legislative freedom to derogate from the GDPR in certain areas. In particular, under the Act, Chapter 3 of the GDPR (regarding data subjects' rights) does not apply where personal data is processed for either journalistic purposes or for the purposes of academic, artistic, or literary expression.

The Dutch data protection authority (AP) has released several guidelines and explanations on topics such as data security, financial data, and direct marketing. In its guidance on the use of cookies, the AP stated that the use of cookie walls violates the GDPR. Regarding its enforcement of the Act, the AP has investigated and issued decisions on several topics including, for example, violations of the right of access and right to erasure. Sanctions are outlined in its policy rules and are categorised into specific categories with corresponding bandwidths.

Browse more content in Netherlands

All Guidance Notes

All News

All Insights

News

22 November 2024

Netherlands: ACM announces availability of registration under Data Governance Act

21 November 2024

Netherlands: List of authorities for protection of fundamental rights under AI Act published

13 November 2024

Netherlands: AP finds DUO use of algorithms in education discriminatory

12 November 2024

International: AP and ICO sign Memorandum of Understanding on personal data

07 November 2024

Netherlands: AP publishes final advice on supervision of AI under EU AI Act

31 October 2024

Netherlands: AP requests comments on prohibiting emotion recognition AI systems

29 October 2024

Netherlands: Court of Audit publishes report on AI in central government

28 October 2024

Netherlands: AP publishes advice on automated decision-making regarding tax returns and benefits applications

28 October 2024

Netherlands: AP publishes 2023 report on ransomware

28 October 2024

Netherlands: AP investigates holiday parks for use of facial recognition technology

17 October 2024

Netherlands: NCSC publishes update on law transposing NIS 2 Directive

16 October 2024

Netherlands: Government publishes guide to EU AI Act

Insights

April 2022

Netherlands: Update on the bill on the Data Processing by Partnerships Act

The bill on the Data Processing by Partnerships Act ('WSG') aims to provide a legal basis for the processing of personal data by designated partnerships and further constitutes a framework with a number of general rules with regard to the tasks, structure and functioning of these partnerships. Anouschka Van de Graaf, Senior Associate at Dentons, discusses the purposes of the bill, alongside concerns regarding its contents.

January 2022

Netherlands: Dutch Data Protection Authority guidance on smart cities

In July 2021, the Dutch Data Protection Authority, Autoriteit Persoonsgegevens ("AP"), published their guidance for smart cities and the development of smart city applications. This guidance is intended for municipalities in the Netherlands that plan to, or currently, collect and process personal data in a public space with the use of smart sensors and measuring equipment. The AP has deemed this guidance necessary as municipalities in the past have not always paid sufficient attention to the applicable privacy legislation, such as the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). Chantal van Dam and Femke van der Eijk, of Hogan Lovells, discuss the guidance in this article.

November 2021

Europe: COVID-19 vaccination status - What can employers collect?

With restrictions being lifted across Europe and businesses planning their return to the office, many employers, in an endeavour to prevent the spread of COVID-19, are faced with the dilemma of whether they can require their employees to be vaccinated or to show proof of their vaccination status. Besides the health and safety concerns associated with the introduction of such measures, there are also some key privacy-related considerations. In particular, an individual's vaccination status falls within the scope of health data under Article 4(15) of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') and is therefore a special category of personal data under Article 9 of the GDPR, meaning processing is generally prohibited, unless an exception applies.

This article outlines the local requirements in the UK, Germany, the Netherlands, France, and Italy.

September 2021

Netherlands: Amendments made to the Dutch Telecommunication Act

On 1 July 2021, an amendment¹ to the Telecommunications Act 1998 (as amended) ('the Telecommunications Act') came into force, requiring opt-in consent to telemarketing. Chantal Van Dam and Femke van der Eijk, from Hogan Lovells, provide a brief overview of what impact the amendment has had on the Telecommunications Act.

September 2021

Netherlands: Protection of children's data

This article addresses the data protection rules for children that apply in the Netherlands. It elaborates on specific requirements enshrined in EU and local data protection law and guidance and considers enforcement actions of the Dutch data protection authority ('AP'). Furthermore, it introduces the Dutch Code for Children's Rights ('the Code') and explains the principles of the Code and how companies may benefit from it. Chantal van Dam, Senior Associate at Hogan Lovells LLP, discusses this topic and its nuances.

Netherlands

Summary

Browse more content in Netherlands

News

Insights

Get the Latest News

Thanks for signing up!

Company

Our Policies

Your Rights

Follow us