The Netherlands - European Lawyer Reference Series 2014

The Netherlands - European Lawyer Reference Series 2014

The Netherlands - European Lawyer Reference Series 2014

01.12.2014 NL law


In the past 10 years, more and more attention has been focused on corporate integrity. On a global scale, massive bankruptcies such as Enron have contributed to throwing the subject into the spotlight, while in the Netherlands, accountancy scandals such as Ahold have occurred.

These events, and more occasional infringements of competition law, have had a significant impact on regulation and have lead to the development and implementation of legislation (e.g. the US Sarbanes-Oxley Act of 2002) and a general increased interest in corporate governance (e.g. in the Netherlands the development and implementation of the Corporate Governance Code).

As a knock-on effect, individual enterprises have themselves become more focused on their corporate integrity and as a consequence, the role of compliance offer has become increasingly important, inter alia because of the increasingly detailed legislation and supervision required. Following on from that, there has been an increase in internal or corporate investigations, which many companies see as a means of internal risk control. A corporate investigation will most likely be commenced if any trouble (or indication of it) arises and such investigation has the purpose of mapping the issue and making an assessment of the risks contained in it. The results of it can be instrumental for the determination of future strategy. In addition, the results of the investigation can be used to ensure adequate internal reporting, e.g. to the supervisory board.

When commencing a corporate investigation, or when designing and setting up procedures for such corporate investigation to be commenced later, one should keep in mind that the investigation itself must be incorruptible, both with regard to the design and the execution. Errors in these areas could lead to the results of the investigation being unusable, and could even damage the enterprise, for instance, if the impression arises that there is a cover-up being put in place. Below, we will explore a number of relevant issues of both a legal and practical nature and we will address what measures a company can take in the event that the investigation brings a fraud by (for example) employees to light.

The Dutch context: legal framework

First of all, it should be noted that Dutch labour law provides strong protection for employees. It speaks for itself that an employee does not have the same freedoms during working hours as outside them, but fundamental rights such as the right to privacy, and the right to confidentiality of mail and telephone conversations (in principle) also apply during working hours. These rights are laid down in statute, but can also be vested in individual or collective labour agreements.

Further, it should be noted that employees also have a say in the development of policies within their company. This right also applies when the company seeks to implement a plan to install mechanisms that can be used for observing or controlling the presence, behaviour and performance of employees. Examples include the installation of cameras and the checking of email and the use of the internet. The works council must endorse such policies before they can be put in place (but only in general, not specific circumstances).

As a general rule, the following can be observed. The company may not infringe the employee’s privacy any more than necessary. The measure taken must meet the requirements of proportionality (being in proportion to the envisaged goal) and subsidiarity (a lighter measure is not available). In addition, a reasonable expectation of privacy might play a role (see EHRM 25 June 1997, NJ 1998, 506 (Halford)). How these (relatively vague) standards should be applied, depends on the circumstances of the case. It is clear, however, that, for instance, permanent camera surveillance is not allowed, while camera surveillance in the event of concrete suspicions of fraud will be allowed. (See Court of Appeals – Hertogenbosch, 2 July 1986, NJ 1987, 451 (Koma/Industriebond FNV) and Dutch Supreme Court, 27 April 2001, NJ 2001, 421 (Wennekes Lederwaren).

Dutch law does not provide for statutory laws specifically regulating investigations. This does not mean, however, that the fundamental rights as described above have not sunk into almost every relevant aspect of the Dutch legal landscape. There is one statutory law that provides specific and concrete rules that are relevant for an internal investigation that requires a deeper exploration here. The Dutch Data Protection Act (DDPA), or Wet bescherming persoonsgegevens (WBP), which is based on a European directive, contains standards for sound and prudent processing of personal data. The most important points in the DDPA are:

  • The scope of the DDPA is limited to the full or partial automated processing of personal data in the framework of the activities of a responsible superior (in this case, the employer). Both the term personal data and the term processing have broad definitions. Under ‘personal data’ falls not only written data or data contained in a database, but also visual material (such as video or photo images) and audio material (such as a recording of a telephone conversation).
  • It is decisive whether the data relate to a person that is identified or can potentially be identified, as anonymous or encoded data do not fall within the scope of the DDPA.
  • The term ‘processing’ comprises virtually all acting, as of the moment of acquiring the data up until the moment of destroying the data. This means that almost all a company’s investigation methods will fall within the scope of the DDPA.
  • If it is established that the DDPA applies, then the recording of the data must be registered with the board for the protection of personal data EUROPEAN LAWYER REFERENCE SERIES 273 The Netherlands (College bescherming persoonsgegevens or CPB). It must be noted that there is an exception in the event the data are collected for the purposes of legal proceedings against the relevant employee.
  • From relevant case law about the use of investigation methods by the employer, it appears that employees only in exceptional cases invoke the DDPA or the violation of their privacy. In addition, courts only in exceptional cases apply the DDPA ex officio. This can, however, play a significant role when weighing the interests in employment litigation.
  • The company can make the collection of personal data ‘DDPA-proof’ by compiling an internal code of conduct in which it is stipulated which kind of data will be processed and for what purpose.

Read full article here.

Related news

25.06.2019 LU law
The dawn of a new era of cross-border mobility within the EU?

Seminar - François Bernard, Senior Associate at Stibbe Luxembourg, will conduct a seminar in Luxembourg on 25 June in collaboration with Legitech on Directive proposal COM2018 (241 final) amending the cross-border merger regime currently enshrined in Directive (EU) 2017/1132 and introducing a new regime applicable to cross-border conversions and divisions.

Read more

03.06.2019 NL law
Toerekening van kennis van groepsvennootschappen

Articles - In de praktijk doet zich vaak de vraag voor of kennis die aanwezig is binnen de ene vennootschap kan worden toegerekend aan een andere vennootschap binnen hetzelfde concern. In dit artikel verkent Branda Katan zowel de dogmatische grondslag als de praktische toepassing van een dergelijke toerekening. Zij concludeert dat het ‘Babbel-criterium’ (heeft in de gegeven omstandigheden de kennis X in het maatschappelijk verkeer te gelden als kennis van Y?) geschikt is voor het toerekenen van kennis in concernverband.

Read more

13.06.2019 NL law
EU reshaping the restructuring landscape? Directive on Restructuring and Insolvency approved by EU Council

Short Reads - The Council of the European Union adopted a proposal for a Directive on restructuring and insolvency (2016/0359 (COD) on 6 June 2019. The Directive will enter into force twenty days after it is published in the Official Journal of the European Union. From that date, Member States will have two years to implement the substantive parts of the Directive in their national legislation, although a one year extension can be granted.

Read more

28.05.2019 NL law
Dutch court: insufficient substantiation? No follow-on cartel damages action

Short Reads - Dutch courts are forcing claimants (including claims vehicles) to be well-prepared before initiating follow-on actions. The Amsterdam District Court in the Dutch trucks cartel follow-on proceedings recently ruled that claimants – specifically CDC, STCC, Chapelton, K&D c.s. and STEF c.s. – had insufficiently substantiated their claims. These claimants now have until 18 September 2019 to provide sufficient facts regarding transactions that – according to them – were affected by the cartel. Preparation should thus be key for cartel damages actions.

Read more

04.06.2019 NL law
Dutch Supreme Court clarifies evidentiary rules concerning signatures and signed documents

Short Reads - In two recent decisions, the Dutch Supreme Court has clarified the evidentiary power of signed documents. If the signatory unambiguously denies that the signature on the document is his or hers or claims that another party has tampered with the signature (for instance, through forgery or copying a signature from one document and pasting it in another), it is up to the party invoking the signed document to prove the signature's authenticity (ECLI:NL:HR:2019:572).

Read more

24.05.2019 NL law
European regulatory initiatives for online platforms and search engines

Short Reads - As part of the digital economy, the rise of online platforms and search engines raises all kinds of legal questions. For example, do bicycle couriers qualify as employees who are entitled to ordinary labour law protections? Or should they be considered self-employed (see our Stibbe website on this issue)? The rise of online platforms also triggers more general legal questions on the relationship between online platforms and their users. Importantly, the European Union is becoming increasingly active in this field.

Read more

Our website uses functional cookies for the functioning of the website and analytic cookies that enable us to generate aggregated visitor data. We also use other cookies, such as third party tracking cookies - please indicate whether you agree to the use of these other cookies:

Privacy – en cookieverklaring