Dutch Data Protection Authority

Autoriteit Persoonsgegevens
Legal status	Governmental office
Region served	Netherlands
chairman	Aleid Wolfsen
Director	Bas den Hollander
Staff	180
Website	Official website

Last updated December 27, 2022

The Dutch Data Protection Authority (Dutch : Autoriteit Persoonsgegevens, AP) is the data protection authority for the Netherlands and an independent administrative body that has been appointed by law as the supervisory authority for the processing of personal data.^[3] The organization is therefore concerned with privacy. The duties of the AP derive from the Data Protection Directive that applies to all countries of the EU. This directive has been replaced by the General Data Protection Regulation. The Implementation Act General Data Protection Regulation has replaced the Personal Data Protection Act and appointed the AP as supervisor. All EU Member States have their own body, similar to the AP.

Legal task

The Authority for Personal Data has the statutory duty to assess whether persons and organizations, including government organisations, comply with the Dutch Personal Data Protection Act. The AP also supervises compliance with the Police Data Act, the Municipal Personal Records Database Act and all other statutory regulations concerning the processing of personal data.

Name changes

The organization was called the College bescherming persoonsgegevens (CBP) until 2016. The CBP followed the Registratiekamer in 2001. With the change of name as per 1 January 2016, the body was granted the power to impose fines for violations of the Personal Data Protection Act (Wbp). These changes were a result of drastic changes to that law.^[4] In fact, the name change of 2016 only applies to 'in society', according to article 51 of the Wbp. That article still gives 'College bescherming persoonsgegevens' as a formal name.^[5]

Supervision of compliance with the Personal Data Protection Act

The Personal Data Protection Act means that an organization may only process personal data that is demonstrably necessary for the organization and for which no explicit prohibition exists. Examples of this are medical, sexual, political data and data about membership of a trade union. For governments, the term 'demonstrably necessary' means that there must be a legal basis for the processing of data

The supervisory functions mean that the Dutch Data Protection Authority can compel companies and governments to comply with the requirements of the Wbp. The AP can impose periodic penalty payments for this.^[6] Furthermore, the AP has a public register of data processing if it deviates from the usual processing. The AP can impose an administrative fine for not registering non-exempt processing. In all cases are supervised by court which makes the final decision.

In addition, the AP has the task of advising ministers and the House of Representatives, both solicited and unsolicited, on legislative proposals, in the light of the Wbp or other applicable rules.

The obligation to report data leaks by data controllers and processors to the Dutch Data Protection Authority is regulated by the inclusion of additional provisions in the WBP per 1/1/2016.^[7]

Members

The first members of the Data Protection Board were Peter Hustinx (chairman), Ulco van de Pol and Jan Willem Broekema (both vice-chairman). Hustinx and Van de Pol came from the Registratiekamer at the establishment of the Dutch DPA. Broekema came from the business sector. Hustinx later became the privacy supervisor for the European Union. At the end of 2004, Jacob Kohnstamm, former politician, became chairman of the Dutch DPA. The chairman is appointed by royal decree for a period of six years, the two members for four years. On 1 August 2016, Kohnstam was succeeded by Aleid Wolfsen.^[1]

Related Research Articles

The Data Protection Directive, officially Directive 95/46/EC, enacted in October 1995, is a European Union directive which regulates the processing of personal data within the European Union (EU) and the free movement of such data. The Data Protection Directive is an important component of EU privacy and human rights law.

The Data Protection Act 1998 was an Act of Parliament of the United Kingdom designed to protect personal data stored on computers or in an organised paper filing system. It enacted provisions from the European Union (EU) Data Protection Directive 1995 on the protection, processing, and movement of data.

Information privacy, data privacy or data protection laws provide a legal framework on how to obtain, use and store data of natural persons. The various laws around the world describe the rights of natural persons to control who is using its data. This includes usually the right to get details on which data is stored, for what purpose and to request the deletion in case the purpose is not given anymore.

Privacy law is the body of law that deals with the regulating, storing, and using of personally identifiable information, personal healthcare information, and financial information of individuals, which can be collected by governments, public or private organisations, or other individuals. It also applies in the commercial sector to things like trade secrets and the liability that directors, officers, and employees have when handing sensitive information.

The Netherlands Authority for the Financial Markets is the financial services regulatory authority for the Netherlands. Its role is comparable to the role of the SEC in the United States.

The Federal Commissioner for Data Protection and Freedom of Information, referring to either a person or the agency they lead, is tasked with supervising data protection as well as acting in an ombudsman function in freedom of information. The latter was introduced with the German Freedom of Information Act on 1 January 2006. In 2016, it became an independent federal agency in accordance with EU regulations.

The Gibraltar Regulatory Authority (GRA) was established by the Gibraltar Regulatory Act in October 2000. The GRA is the statutory body in Gibraltar responsible for regulating electronic communications. This includes telecommunications, radio communications and broadcasting transmissions. The GRA serves as both the national supervisory and regulatory authority for these sectors. The supervision and regulation of these sectors is done in accordance with European Union law that has been rendered into national law.

The Spanish Data Protection Agency is an independent agency of the government of Spain which oversees the compliance with the legal provisions on the protection of personal data. The agency is headquartered in the city of Madrid and it extends its authority to the whole country.

The German Bundesdatenschutzgesetz (BDSG) is a federal data protection act, that together with the data protection acts of the German federated states and other area-specific regulations, governs the exposure of personal data, which are manually processed or stored in IT systems.

Foreign exchange regulation is a form of financial regulation specifically aimed at the Forex market that is decentralized and operates with no central exchange or clearing house. Due to its decentralized and global nature, the foreign exchange market has been more prone to foreign exchange fraud and has been less regulated than other financial markets.

The General Data Protection Regulation (GDPR) is a European Union regulation on data protection and privacy in the EU and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and of human rights law, in particular Article 8(1) of the Charter of Fundamental Rights of the European Union. It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR's primary aim is to enhance individuals' control and rights over their personal data and to simplify the regulatory environment for international business. Superseding the Data Protection Directive 95/46/EC, the regulation contains provisions and requirements related to the processing of personal data of individuals, formally called "data subjects", who are located in the EEA, and applies to any enterprise—regardless of its location and the data subjects' citizenship or residence—that is processing the personal information of individuals inside the EEA.

There are several National data protection authorities across the world, tasked with protecting information privacy. In the European Union and the EFTA member countries, their status was formalized by the Data Protection Directive and they were involved in the Madrid Resolution.

The Swedish Authority for Privacy Protection, formerly the Swedish Data Protection Authority, is a Swedish government agency, organized under the Ministry of Justice, tasked to protect the individual's privacy in the information society without unnecessarily preventing or complicating the use of new technology. The agency ensure legislation within this area is complied with and as such supervise different registers and carry out inspections of companies, organizations and other government agencies; led by the agency's own IT security specialists and legal advisors. The most important legislation is the Personal Data Act of 1998, the Debt Recovery Act of 1974 and the Credit Information Act of 1973. The agency also has an expert advisory role when the Government prepares new statutory provisions.

Giovanni Buttarelli was an Italian civil servant, who served as the European Data Protection Supervisor (EDPS). On 4 December 2014, he was appointed by a joint decision of the European Parliament and the Council. He was due to serve a five-year term in this position. Previously, he served as Assistant EDPS, from January 2009 until December 2014. He was also a member of the Italian judiciary with the rank of judge of the Court of Cassation.

The European Data Protection Board (EDPB) is a European Union independent body with juridical personality whose purpose is to ensure consistent application of the General Data Protection Regulation (GDPR) and to promote cooperation among the EU’s data protection authorities. On 25 May 2018, the EDPB replaced the Article 29 Working Party.

The Data Protection Act 2018 is a United Kingdom Act of Parliament which updates data protection laws in the UK. It is a national law which complements the European Union's General Data Protection Regulation (GDPR) and replaces the Data Protection Act 1998.

Peter Johan Hustinx is a Dutch lawyer who served as European Data Protection Supervisor (EDPS) from January 2004 – 2014.

The Netherlands Authority for Consumers and Markets is the competition regulator in The Netherlands. It is a regulatory authority based in The Hague. It is charged with competition oversight, sector-specific regulation of several sectors, and enforcement of consumer protection laws. It enforces Section 24 of the Dutch Competition Act.

The General Data Protection Regulation (GDPR) is a European Union regulation that specifies standards for data protection and electronic privacy in the European Economic Area, and the rights of European citizens to control the processing and distribution of personally-identifiable information.

The Personal Data Protection Authority Institute is a future independent cabinet-level agency formed by the Indonesian government, working directly under the President of Indonesia. The agency will become a special agency tasked with information privacy safeguarding, personal data protection, and enforcing laws related/regarding to the personal data protection.

References

1 2 "Oud-burgemeester Wolfsen nieuwe voorzitter privacywaakhond - NU - Het laatste nieuws het eerst op NU.nl". www.nu.nl.
↑ "Privacywaakhond: aantal klachten ook vorig jaar zorgwekkend hoog - NOS". www.nos.nl.
↑ "Tasks and powers of the Dutch DPA | Autoriteit Persoonsgegevens". Website Dutch DPA. Retrieved 20 June 2022.
↑ CBP krijgt boetebevoegdheid en wordt Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl, 28 december 2015
↑ Artikel 51 Wet bescherming persoonsgegevens, wetten.overheid.nl. Geraadpleegd op 14 januari 2016
↑ "Security.NL". www.security.nl. Archived from the original on 30 May 2012.
↑ "Meldplicht datalekken". autoriteitpersoonsgegevens.nl.

External links

Official website

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[nu.nl-1] 1 2 "Oud-burgemeester Wolfsen nieuwe voorzitter privacywaakhond - NU - Het laatste nieuws het eerst op NU.nl". www.nu.nl.

[2] "Privacywaakhond: aantal klachten ook vorig jaar zorgwekkend hoog - NOS". www.nos.nl.

[3] "Tasks and powers of the Dutch DPA | Autoriteit Persoonsgegevens". Website Dutch DPA. Retrieved 20 June 2022.

[4] CBP krijgt boetebevoegdheid en wordt Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl, 28 december 2015

[5] Artikel 51 Wet bescherming persoonsgegevens, wetten.overheid.nl. Geraadpleegd op 14 januari 2016

[6] "Security.NL". www.security.nl. Archived from the original on 30 May 2012.

[7] "Meldplicht datalekken". autoriteitpersoonsgegevens.nl.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

v t e Privacy
Principles	Expectation of privacy Right to privacy Right to be forgotten Post-mortem privacy
Privacy laws	Australia Brazil Canada China Denmark England European Union Germany Ghana New Zealand Russia Singapore Switzerland United States California, amended in 2020
Data protection authorities	Australia Denmark European Union France Germany Ireland Isle of Man Norway Philippines Poland South Korea Spain Sweden Switzerland Turkey Thailand United Kingdom Indonesia
Areas	Consumer Medical Workplace
Information privacy	Law Financial Internet Personal data Personal identifier Privacy-enhancing technologies Social networking services Privacy engineering Secret ballot
Advocacy organizations	American Civil Liberties Union Center for Democracy and Technology Computer Professionals for Social Responsibility Future of Privacy Forum Electronic Privacy Information Center Electronic Frontier Foundation European Digital Rights Global Network Initiative International Association of Privacy Professionals NOYB Privacy International
See also	Anonymity Carding Cellphone surveillance Cyberstalking Data security Eavesdropping Global surveillance Electronic harassment Mass surveillance Privacy engineering Telephone tapping Human rights Identity theft Panopticon Personality rights Search warrant
Category

Authority control
General	ISNI 1 VIAF 1 WorldCat (via VIAF)
National libraries	Germany United States