Enhance Contrast

Privacy legislation also applies on the Internet - Guidelines finalised on the publication of personal data on the Internet

On 11 December 2007, the Dutch data protection authority has published the finalised Guidelines for the publication of personal data on the Internet in the Netherlands Government Gazette (Staatscourant). The Dutch DPA will use the Guidelines as policy rules for the implementation of supervision.

For data controllers, such as the owners of websites, compliance with the statutory regulations for the publication of personal data on the Internet is neither difficult nor costly to achieve. The most important rules require that they inform those involved that certain information is being published, and that they remove any such data if the individual concerned expresses his or her objections to their publication. The controllers must also take steps to ensure that appropriate security measures are in place on websites containing personal data. At the same time, there are many different steps that data subjects can take in order to ensure that the controllers fulfil their obligations. The Dutch DPA provides further information on these, and also provides sample letters that may be used in a variety of situations. By means of this dual approach, the Dutch DPA is hoping to ensure that personal data are afforded greater security when used on the Internet.

Prior to the completion of these Guidelines - Publication of Personal Data on the Internet have been made public for consultation. A number of organisations that are active in this field have been asked to respond. Changes are limited. Most importantly, more examples were added with regard to youth and 2.0. The supervisory activities of the Dutch DPA will focus upon serious and structural violations of the privacy legislation in the case of publications on the Internet.

About the Dutch DPA

The Dutch Data Protection Authority (Dutch DPA) supervises compliance with legislation regulating the use of personal data, under the terms of the Wet bescherming persoonsgegevens (WBP) [Dutch Data Protection Act]. The use of personal data must be notified to the Dutch DPA unless the situation is covered by an exemption.

The Dutch DPA advises the government and other organisations on the protection of personal data and associated topics. The Dutch DPA assesses codes of conduct and mediates in disputes between citizens and users of personal data. The Dutch DPA can, either on its own initiative or at the request of an interested party, investigate whether the way in which personal data has been used in a particular situation is in line with the Act, and can impose sanctions if necessary. A fine may be imposed for continued failure to report. In the event of an infringement of the Act, or its subordinate regulations, the Dutch DPA can proceed to impose an administrative fine or incremental penalty.