Dutch Supervisory Authority

On April 28, 2020, the Dutch Supervisory Authority (“Dutch SA”) announced its decision to impose a fine of €725,000 on a company for unlawfully processing the biometric data of its employees.

In 2018, the company concerned installed an access and time management system that collected and processed biometric templates of employees’ fingerprints.  This initiative came about following indications of fraudulent use of the company’s existing badge-based time management system.  After installation, the company’s old system co-existed with the new system, and employees were free to choose the method by which to sign in to work.  One of the employees subsequently filed a complaint with the Dutch SA, which led to this investigation.Continue Reading Dutch Supervisory Authority Fines Company for Processing Biometric Data of Employees

On March 24, 2020, the Dutch Supervisory Authority (“SA”) announced the launch of a broad investigation into automobile manufacturers, to determine whether any violations of data protection laws have occurred in relation to connected cars.

The Dutch SA sent a questionnaire to all Netherlands-based car and truck manufacturers, asking what
Continue Reading Dutch Supervisory Authority Investigates Connected Cars

On March 7, 2019, the Dutch Supervisory Authority for data protection issued guidance prohibiting the use of “cookie walls” on websites.  Cookie walls require website users to consent to the placing of tracking cookies or similar technologies before allowing them access to the website.  According to the regulator, it received
Continue Reading Dutch Supervisory Authority Prohibits “Cookie Walls” under GDPR

In early November, the Dutch Supervisory Authority released an injunction imposed against the public insurance body Uitvoeringsinstituut Werkgeversverzekering (“UWV”) last July.

The UWV allows employers to submit data about their employees for social security purposes.  The data includes dates of employee absences due to general illness (and when an employee
Continue Reading Dutch Supervisory Authority Imposes GDPR Security Standard for Processing Broadly Defined Health Data