Data Protection in the Netherlands: Difference between revisions

From GDPRhub
No edit summary
m (Purely visual alterations)
 
(9 intermediate revisions by 7 users not shown)
Line 4: Line 4:
|colspan="2"|[[File:nl.png|center|250px]]
|colspan="2"|[[File:nl.png|center|250px]]
|-
|-
| Data Protection Authority: || [[Autoriteit Persoonsgegevens (AP) (The Netherlands)]]
| Data Protection Authority: || [[AP (The Netherlands)|Autoriteit Persoonsgegevens (AP) (The Netherlands)]]
|-
|-
| National Implementation Law (Original): || [https://wetten.overheid.nl/BWBR0040940/ Uitvoeringswet Algemene verordening gegevensbescherming]
| National Implementation Law (Original): || [https://wetten.overheid.nl/BWBR0040940/ Uitvoeringswet Algemene verordening gegevensbescherming]
Line 21: Line 21:
==Legislation==
==Legislation==
===History===
===History===
Before a unified law on data protection was introduced, several sector specific regulations, such the Electronic Communications Act and the Telecommunications Act, included data protection rules.
Council of Europe Convention No. 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data was transposed in Dutch law in 1988 in the form of the ''Wet persoonsregistraties''. [https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A31995L0046 Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data] was transposed in the form of the ''[https://wetten.overheid.nl/BWBR0011468/2018-05-01 Wet bescherming persoonsgegevens]''.
Council of Europe Convention No. 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data was transposed in Dutch law in 1988 in the form of the ''Wet persoonsregistraties''. [https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A31995L0046 Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data] was transposed in the form of the ''[https://wetten.overheid.nl/BWBR0011468/2018-05-01 Wet bescherming persoonsgegevens]''.


''You can help us fill this section!''
Wet bescherming persoonsgegevens established a stronger data protection by emphasizing individuals' rights over their personal data and giving the Dutch Data Protection Authority (DPA) a broader power.
 
As the GDPR took effect in the European Union (EU) on May 25, 2018, it replaced both the Data Protection Directive (95/46/EC) and the Dutch Personal Data Protection Act (Wet bescherming persoonsgegevens).


===National constitutional protections===
===National constitutional protections===
''You can help us fill this section!''
The right to privacy is protected by articles 10 (general right to privacy), 11 (inviolability of one's body), and 13 (secrecy of correspondence) of the constitution.
 
Provisions of treaties which "by nature and content" may bound, will do so automatically once published (article 93 of the constitution). Because of this, treaties such as the ECHR and ratified protocols have the status of law.


===National GDPR implementation law===
===National GDPR implementation law===
In Netherlands the GDPR is implemented by the ''Uitvoeringswet Algemene verordening gegevensbescherming''.
In Netherlands the GDPR is implemented by the ''Uitvoeringswet Algemene verordening gegevensbescherming''<ref>https://wetten.overheid.nl/BWBR0040940/2021-07-01</ref> (“'''Dutch GDPR Implementation Act'''”).
 
''You can help us fill this section!''


==== Age of consent ====
==== Age of consent ====
In relation to information society services the age of consent is 16 years following [[Article 8 GDPR|Article 8(1) GDPR]].
In relation to information society services the age of consent is 16 years following [[Article 8 GDPR|Article 8(1) GDPR]]. There is no specific age of consent for other support and advisory services offered directly and for free to a minor, following [https://wetten.overheid.nl/BWBR0040940/#Hoofdstuk1_Artikel5 Article 5(5) UAVG]. In all other situations, the age of consent is 16 years, following [https://wetten.overheid.nl/BWBR0040940/#Hoofdstuk1_Artikel5 Article 5(1) UAVG].
There is no specific age of consent for other support and advisory services offered directly and for free to a minor, following [https://wetten.overheid.nl/BWBR0040940/2019-02-19#Hoofdstuk1_Artikel5 Article 5(5) UAVG].
In all other situations, the age of consent is 16 years, following [https://wetten.overheid.nl/BWBR0040940/2019-02-19#Hoofdstuk1_Artikel5 Article 5(1) UAVG].


==== Freedom of Speech ====
==== Freedom of Speech ====
''You can help us fill this section!''
Pursuant to Article 43 of the Dutch GDPR Implementation Act, if personal data is processed exclusively for journalistic purposes or academic, artistic, or literary forms of expression, then the regulations pertaining to data subject rights do not apply.


==== Employment context ====
==== Employment context ====
''You can help us fill this section!''
The details on processing of personal data in an employment context are regulated in the [https://autoriteitpersoonsgegevens.nl/uploads/imported/ap_or_privacy-boekje.pdf privacy booklet] published by the Dutch Data Protection Authority. The booklet contains matters such as how to exercise the right of consent with regard to processing and protection of employee personal data and digital employee tracking systems. The Dutch Data Protection Authority also published further explanations on its [https://www.autoriteitpersoonsgegevens.nl/themas/werk-en-uitkering website].


==== Research ====
==== Research ====
''You can help us fill this section!''
As per the Article 44 of the Dutch GDPR Implementation Act, and Articles 15, 16, and 18 of the GDPR do not apply in case personal data is processed by institutions or services for scientific research or statistics, and the required safeguards are implemented to ensure that the personal data can only be used for such purposes.


====Other relevant national provisions and laws====
====Other relevant national provisions and laws====
''You can help us fill this section!''
 
* [https://wetten.overheid.nl/BWBR0022463/2023-11-01 Wet politiegegevens] (the Police Data Act), regulates the protection of personal data at the police.
* [https://wetten.overheid.nl/BWBR0014194/2023-11-01 Wet justitiele en strafvorderlijke gegevens] (the Judicial and Criminal Data Act) regulates the processing of judicial data.
* [https://wetten.overheid.nl/BWBR0004627/2023-06-20 Kieswet] (Elections Act)
* [https://wetten.overheid.nl/BWBR0036443/2017-04-01 Wet raadgevend referendum] (Advisory Referendum Act)
* [https://wetten.overheid.nl/BWBR0033715/2022-03-01 Wet Basisregistratie Personen] (Personal Records Database) regulates the correct use of personal data of the residents of the Netherlands.


===National ePrivacy Law===
===National ePrivacy Law===
''You can help us fill this section!''
[https://wetten.overheid.nl/BWBR0009950/2021-07-01 The Telecommunications Act] is the primary legislation governing the telecommunications sector in the Netherlands, including a chapter on privacy and telecommunications transposing the Directive on Privacy and Electronic Communications (2002/58/EC).


==Data Protection Authority==
==Data Protection Authority==
Line 60: Line 67:
==Judicial protection==
==Judicial protection==
===Civil Courts===
===Civil Courts===
''You can help us fill this section!''
Under Art. 79 GDPR, civil (and other) proceedings can be brought directly against a data controller. The rules of civil procedure are laid down in the Dutch Code of Civil Procedure.


===Administrative Courts===
===Administrative Courts===
''You can help us fill this section!''
Appeals from the Dutch DPA can be brought before one of the District Courts of First Instance (''Rechtbank - Rb.'') and further to the Administrative Jurisdiction Division of the Council of State (''Afdeling Bestuursrechtspraak van de Raad van State - ABRvS'').


===Constitutional Court===
===Constitutional Court===
''In the Netherlands there is no constitutional court.''
There is no constitutional court in the Netherlands. Courts are explicitly prohibited by article 120 of the constitution to judge the constitutionality of national laws or treaties.
 
=== Supreme Court ===
 
==== Hoge Raad ====
As the highest court in the fields of civil, criminal and tax law in the Netherlands, the Supreme Court ('Hoge Raad') is responsible for hearing appeals in cassation and for a number of specific tasks with which it is charged by law.
 
===== Het Parket bij de Hoge Raad =====
The main task of the Procurator General of the Supreme Court is to provide the members of the Supreme Court with independent advice – known as an ‘advisory opinion’ (conclusion)- on how to rule in the cassation proceedings before them.
 
=== References ===

Latest revision as of 07:50, 6 May 2024

Data Protection in the Netherlands
Nl.png
Data Protection Authority: Autoriteit Persoonsgegevens (AP) (The Netherlands)
National Implementation Law (Original): Uitvoeringswet Algemene verordening gegevensbescherming
English Translation of National Implementation Law: n/a
Official Language(s): Dutch
National Legislation Database(s): Link
English Legislation Database(s): n/a
National Decision Database(s): Link

Legislation

History

Before a unified law on data protection was introduced, several sector specific regulations, such the Electronic Communications Act and the Telecommunications Act, included data protection rules.

Council of Europe Convention No. 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data was transposed in Dutch law in 1988 in the form of the Wet persoonsregistraties. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data was transposed in the form of the Wet bescherming persoonsgegevens.

Wet bescherming persoonsgegevens established a stronger data protection by emphasizing individuals' rights over their personal data and giving the Dutch Data Protection Authority (DPA) a broader power.

As the GDPR took effect in the European Union (EU) on May 25, 2018, it replaced both the Data Protection Directive (95/46/EC) and the Dutch Personal Data Protection Act (Wet bescherming persoonsgegevens).

National constitutional protections

The right to privacy is protected by articles 10 (general right to privacy), 11 (inviolability of one's body), and 13 (secrecy of correspondence) of the constitution.

Provisions of treaties which "by nature and content" may bound, will do so automatically once published (article 93 of the constitution). Because of this, treaties such as the ECHR and ratified protocols have the status of law.

National GDPR implementation law

In Netherlands the GDPR is implemented by the Uitvoeringswet Algemene verordening gegevensbescherming[1] (“Dutch GDPR Implementation Act”).

Age of consent

In relation to information society services the age of consent is 16 years following Article 8(1) GDPR. There is no specific age of consent for other support and advisory services offered directly and for free to a minor, following Article 5(5) UAVG. In all other situations, the age of consent is 16 years, following Article 5(1) UAVG.

Freedom of Speech

Pursuant to Article 43 of the Dutch GDPR Implementation Act, if personal data is processed exclusively for journalistic purposes or academic, artistic, or literary forms of expression, then the regulations pertaining to data subject rights do not apply.

Employment context

The details on processing of personal data in an employment context are regulated in the privacy booklet published by the Dutch Data Protection Authority. The booklet contains matters such as how to exercise the right of consent with regard to processing and protection of employee personal data and digital employee tracking systems. The Dutch Data Protection Authority also published further explanations on its website.

Research

As per the Article 44 of the Dutch GDPR Implementation Act, and Articles 15, 16, and 18 of the GDPR do not apply in case personal data is processed by institutions or services for scientific research or statistics, and the required safeguards are implemented to ensure that the personal data can only be used for such purposes.

Other relevant national provisions and laws

National ePrivacy Law

The Telecommunications Act is the primary legislation governing the telecommunications sector in the Netherlands, including a chapter on privacy and telecommunications transposing the Directive on Privacy and Electronic Communications (2002/58/EC).

Data Protection Authority

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) is the national data protection authority for the Netherlands.

→ Details see AP (The Netherlands)

Judicial protection

Civil Courts

Under Art. 79 GDPR, civil (and other) proceedings can be brought directly against a data controller. The rules of civil procedure are laid down in the Dutch Code of Civil Procedure.

Administrative Courts

Appeals from the Dutch DPA can be brought before one of the District Courts of First Instance (Rechtbank - Rb.) and further to the Administrative Jurisdiction Division of the Council of State (Afdeling Bestuursrechtspraak van de Raad van State - ABRvS).

Constitutional Court

There is no constitutional court in the Netherlands. Courts are explicitly prohibited by article 120 of the constitution to judge the constitutionality of national laws or treaties.

Supreme Court

Hoge Raad

As the highest court in the fields of civil, criminal and tax law in the Netherlands, the Supreme Court ('Hoge Raad') is responsible for hearing appeals in cassation and for a number of specific tasks with which it is charged by law.

Het Parket bij de Hoge Raad

The main task of the Procurator General of the Supreme Court is to provide the members of the Supreme Court with independent advice – known as an ‘advisory opinion’ (conclusion)- on how to rule in the cassation proceedings before them.

References