Dutch Data Protection Authority

Last updated

Dutch Data Protection Authority
Autoriteit Persoonsgegevens
TypeGovernmental office
Location
Chairman
Aleid Wolfsen
Director
Bas den Hollander
Staff
180
Website Official website
[1] [2]

The Dutch Data Protection Authority (Dutch : Autoriteit Persoonsgegevens, AP) is the data protection authority for the Netherlands and an independent administrative body that has been appointed by law as the supervisory authority for the processing of personal data. [3] The organization is therefore concerned with privacy. The duties of the AP derive from the Data Protection Directive that applies to all countries of the EU. This directive has been replaced by the General Data Protection Regulation. The Implementation Act General Data Protection Regulation has replaced the Personal Data Protection Act and appointed the AP as supervisor. All EU Member States have their own body, similar to the AP.

Contents

The Authority for Personal Data has the statutory duty to assess whether persons and organizations, including government organisations, comply with the Dutch Personal Data Protection Act. The AP also supervises compliance with the Police Data Act, the Municipal Personal Records Database Act and all other statutory regulations concerning the processing of personal data.

Name changes

The organization was called the College bescherming persoonsgegevens (CBP) until 2016. The CBP followed the Registratiekamer in 2001. With the change of name as per 1 January 2016, the body was granted the power to impose fines for violations of the Personal Data Protection Act (Wbp). These changes were a result of drastic changes to that law. [4] In fact, the name change of 2016 only applies to 'in society', according to article 51 of the Wbp. That article still gives 'College bescherming persoonsgegevens' as a formal name. [5]

Supervision of compliance with the Personal Data Protection Act

The Personal Data Protection Act means that an organization may only process personal data that is demonstrably necessary for the organization and for which no explicit prohibition exists. Examples of this are medical, sexual, political data and data about membership of a trade union. For governments, the term 'demonstrably necessary' means that there must be a legal basis for the processing of data

The supervisory functions mean that the Dutch Data Protection Authority can compel companies and governments to comply with the requirements of the Wbp. The AP can impose periodic penalty payments for this. [6] Furthermore, the AP has a public register of data processing if it deviates from the usual processing. The AP can impose an administrative fine for not registering non-exempt processing. In all cases are supervised by court which makes the final decision.

In addition, the AP has the task of advising ministers and the House of Representatives, both solicited and unsolicited, on legislative proposals, in the light of the Wbp or other applicable rules.

The obligation to report data leaks by data controllers and processors to the Dutch Data Protection Authority is regulated by the inclusion of additional provisions in the WBP per 1/1/2016. [7]

Members

The first members of the Data Protection Board were Peter Hustinx (chairman), Ulco van de Pol and Jan Willem Broekema (both vice-chairman). Hustinx and Van de Pol came from the Registratiekamer at the establishment of the Dutch DPA. Broekema came from the business sector. Hustinx later became the privacy supervisor for the European Union. At the end of 2004, Jacob Kohnstamm, former politician, became chairman of the Dutch DPA. The chairman is appointed by royal decree for a period of six years, the two members for four years. On 1 August 2016, Kohnstam was succeeded by Aleid Wolfsen. [1]

Related Research Articles

<span class="mw-page-title-main">Data Protection Act 1998</span> United Kingdom legislation

The Data Protection Act 1998 (DPA) was an Act of Parliament of the United Kingdom designed to protect personal data stored on computers or in an organised paper filing system. It enacted provisions from the European Union (EU) Data Protection Directive 1995 on the protection, processing, and movement of data.

Information privacy, data privacy or data protection laws provide a legal framework on how to obtain, use and store data of natural persons. The various laws around the world describe the rights of natural persons to control who is using its data. This includes usually the right to get details on which data is stored, for what purpose and to request the deletion in case the purpose is not given anymore.

<span class="mw-page-title-main">OV-chipkaart</span> Dutch public transport card

The OV-chipkaart is a contactless smart card and integrated ticketing system used for all public transport in the Netherlands. First introduced in the Rotterdam Metro in April 2005, it has subsequently been rolled out to other areas and travel modes. It fully replaced the national strippenkaart system for buses, trams, and metro trains in 2011, and the paper ticket system for rail travel in July 2014.

The Netherlands Authority for the Financial Markets is the financial services regulatory authority for the Netherlands. Its role is comparable to the role of the SEC in the United States.

Dutch FilmWorks B.V. is a Dutch film distributor founded in 1998, based in Utrecht, the Netherlands, focusing on Benelux rights mainly to release films theatrically, on DVD, Blu-ray and VOD. They are also a publisher and distributor of books and magazines.

The United States Customs Modernization Act, amended title 19 U.S.C. 1508, 1509 and 1510, formally Title VI of the North American Free Trade Agreement Implementation Act, commonly known as the "Mod Act", amended the Tariff Act of 1930 and related laws.

The German Bundesdatenschutzgesetz (BDSG) is a federal data protection act, that together with the data protection acts of the German federated states and other area-specific regulations, governs the exposure of personal data, which are manually processed or stored in IT systems.

Privacy by design is an approach to systems engineering initially developed by Ann Cavoukian and formalized in a joint report on privacy-enhancing technologies by a joint team of the Information and Privacy Commissioner of Ontario (Canada), the Dutch Data Protection Authority, and the Netherlands Organisation for Applied Scientific Research in 1995. The privacy by design framework was published in 2009 and adopted by the International Assembly of Privacy Commissioners and Data Protection Authorities in 2010. Privacy by design calls for privacy to be taken into account throughout the whole engineering process. The concept is an example of value sensitive design, i.e., taking human values into account in a well-defined manner throughout the process.

<span class="mw-page-title-main">TP Vision</span> Subsidiary of TPV Technology

TP Vision is a wholly owned subsidiary of TPV Technology, based in Amsterdam, Netherlands. It develops, manufactures and markets Philips branded TV sets and Philips Professional Displays and LEDwalls in Europe, Russia, the Middle East, Brazil, Argentina, Uruguay, Paraguay, Mexico, Peru, Chile and selected countries in Asia-Pacific, serving both the consumer and hospitality markets.

<span class="mw-page-title-main">General Data Protection Regulation</span> EU regulation on the processing of personal data

The General Data Protection Regulation, abbreviated GDPR, or French RGPD for Règlement général sur la protection des données) is a European Union regulation on information privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and human rights law, in particular Article 8(1) of the Charter of Fundamental Rights of the European Union. It also governs the transfer of personal data outside the EU and EEA. The GDPR's goals are to enhance individuals' control and rights over their personal information and to simplify the regulations for international business. It supersedes the Data Protection Directive 95/46/EC and, among other things, simplifies the terminology.

On June 4, 2012, the Netherlands became the first country in Europe and the second in the world, after Chile, to enact a network neutrality law. The main net neutrality provision of this law requires that "Providers of public electronic communication networks used to provide Internet access services as well as providers of Internet access services will not hinder or slow down services or applications on the Internet".

There are several national data protection authorities across the world, tasked with protecting information privacy. In the European Union and the EFTA member countries, their status was formalized by the Data Protection Directive and they were involved in the Madrid Resolution.

The Swedish Authority for Privacy Protection, formerly the Swedish Data Protection Authority, is a Swedish government agency, organized under the Ministry of Justice, tasked to protect the individual's privacy in the information society without unnecessarily preventing or complicating the use of new technology. The agency ensure legislation within this area is complied with and as such supervise different registers and carry out inspections of companies, organizations and other government agencies; led by the agency's own IT security specialists and legal advisors. The most important legislation is the Personal Data Act of 1998, the Debt Recovery Act of 1974 and the Credit Information Act of 1973. The agency also has an expert advisory role when the Government prepares new statutory provisions.

<span class="mw-page-title-main">Giovanni Buttarelli</span>

Giovanni Buttarelli was an Italian civil servant, who served as the European Data Protection Supervisor (EDPS). On 4 December 2014, he was appointed by a joint decision of the European Parliament and the Council. He was due to serve a five-year term in this position. Previously, he served as Assistant EDPS, from January 2009 until December 2014. He was also a member of the Italian judiciary with the rank of judge of the Court of Cassation.

<span class="mw-page-title-main">European Data Protection Board</span> EU body for implementing the GDPR

The European Data Protection Board (EDPB) is a European Union independent body with juridical personality whose purpose is to ensure consistent application of the General Data Protection Regulation (GDPR) and to promote cooperation among the EU’s data protection authorities. On 25 May 2018, the EDPB replaced the Article 29 Working Party.

<span class="mw-page-title-main">Data Protection Act 2018</span> United Kingdom legislation

The Data Protection Act 2018 is a United Kingdom Act of Parliament which updates data protection laws in the UK. It is a national law which complements the European Union's General Data Protection Regulation (GDPR) and replaces the Data Protection Act 1998.

<span class="mw-page-title-main">Peter Hustinx</span> Dutch lawyer

Peter Johan Hustinx is a Dutch lawyer who served as European Data Protection Supervisor (EDPS) from January 2004 – 2014.

<span class="mw-page-title-main">Netherlands Authority for Consumers and Markets</span> Competition regulator in The Netherlands

The Netherlands Authority for Consumers and Markets is the competition regulator in The Netherlands. It is a regulatory authority based in The Hague. It is charged with competition oversight, sector-specific regulation of several sectors, and enforcement of consumer protection laws. It enforces Section 24 of the Dutch Competition Act.

The General Data Protection Regulation (GDPR) is a European Union regulation that specifies standards for data protection and electronic privacy in the European Economic Area, and the rights of European citizens to control the processing and distribution of personally-identifiable information.

The Personal Data Protection Authority is a future executive agency formed by the Indonesian government, working directly under the President of Indonesia. The agency will be tasked with information privacy safeguarding, personal data protection, and enforcing laws related/regarding to the personal data protection.

References

  1. 1 2 "Oud-burgemeester Wolfsen nieuwe voorzitter privacywaakhond - NU - Het laatste nieuws het eerst op NU.nl". www.nu.nl.
  2. "Privacywaakhond: aantal klachten ook vorig jaar zorgwekkend hoog - NOS". www.nos.nl.
  3. "Tasks and powers of the Dutch DPA | Autoriteit Persoonsgegevens". Website Dutch DPA. Retrieved 20 June 2022.
  4. CBP krijgt boetebevoegdheid en wordt Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl, 28 december 2015
  5. Artikel 51 Wet bescherming persoonsgegevens, wetten.overheid.nl. Geraadpleegd op 14 januari 2016
  6. "Security.NL". www.security.nl. Archived from the original on 30 May 2012.
  7. "Meldplicht datalekken". autoriteitpersoonsgegevens.nl.