The Netherlands - European Lawyer Reference Series 2014

The Netherlands - European Lawyer Reference Series 2014

The Netherlands - European Lawyer Reference Series 2014

01.12.2014 NL law


In the past 10 years, more and more attention has been focused on corporate integrity. On a global scale, massive bankruptcies such as Enron have contributed to throwing the subject into the spotlight, while in the Netherlands, accountancy scandals such as Ahold have occurred.

These events, and more occasional infringements of competition law, have had a significant impact on regulation and have lead to the development and implementation of legislation (e.g. the US Sarbanes-Oxley Act of 2002) and a general increased interest in corporate governance (e.g. in the Netherlands the development and implementation of the Corporate Governance Code).

As a knock-on effect, individual enterprises have themselves become more focused on their corporate integrity and as a consequence, the role of compliance offer has become increasingly important, inter alia because of the increasingly detailed legislation and supervision required. Following on from that, there has been an increase in internal or corporate investigations, which many companies see as a means of internal risk control. A corporate investigation will most likely be commenced if any trouble (or indication of it) arises and such investigation has the purpose of mapping the issue and making an assessment of the risks contained in it. The results of it can be instrumental for the determination of future strategy. In addition, the results of the investigation can be used to ensure adequate internal reporting, e.g. to the supervisory board.

When commencing a corporate investigation, or when designing and setting up procedures for such corporate investigation to be commenced later, one should keep in mind that the investigation itself must be incorruptible, both with regard to the design and the execution. Errors in these areas could lead to the results of the investigation being unusable, and could even damage the enterprise, for instance, if the impression arises that there is a cover-up being put in place. Below, we will explore a number of relevant issues of both a legal and practical nature and we will address what measures a company can take in the event that the investigation brings a fraud by (for example) employees to light.

The Dutch context: legal framework

First of all, it should be noted that Dutch labour law provides strong protection for employees. It speaks for itself that an employee does not have the same freedoms during working hours as outside them, but fundamental rights such as the right to privacy, and the right to confidentiality of mail and telephone conversations (in principle) also apply during working hours. These rights are laid down in statute, but can also be vested in individual or collective labour agreements.

Further, it should be noted that employees also have a say in the development of policies within their company. This right also applies when the company seeks to implement a plan to install mechanisms that can be used for observing or controlling the presence, behaviour and performance of employees. Examples include the installation of cameras and the checking of email and the use of the internet. The works council must endorse such policies before they can be put in place (but only in general, not specific circumstances).

As a general rule, the following can be observed. The company may not infringe the employee’s privacy any more than necessary. The measure taken must meet the requirements of proportionality (being in proportion to the envisaged goal) and subsidiarity (a lighter measure is not available). In addition, a reasonable expectation of privacy might play a role (see EHRM 25 June 1997, NJ 1998, 506 (Halford)). How these (relatively vague) standards should be applied, depends on the circumstances of the case. It is clear, however, that, for instance, permanent camera surveillance is not allowed, while camera surveillance in the event of concrete suspicions of fraud will be allowed. (See Court of Appeals – Hertogenbosch, 2 July 1986, NJ 1987, 451 (Koma/Industriebond FNV) and Dutch Supreme Court, 27 April 2001, NJ 2001, 421 (Wennekes Lederwaren).

Dutch law does not provide for statutory laws specifically regulating investigations. This does not mean, however, that the fundamental rights as described above have not sunk into almost every relevant aspect of the Dutch legal landscape. There is one statutory law that provides specific and concrete rules that are relevant for an internal investigation that requires a deeper exploration here. The Dutch Data Protection Act (DDPA), or Wet bescherming persoonsgegevens (WBP), which is based on a European directive, contains standards for sound and prudent processing of personal data. The most important points in the DDPA are:

  • The scope of the DDPA is limited to the full or partial automated processing of personal data in the framework of the activities of a responsible superior (in this case, the employer). Both the term personal data and the term processing have broad definitions. Under ‘personal data’ falls not only written data or data contained in a database, but also visual material (such as video or photo images) and audio material (such as a recording of a telephone conversation).
  • It is decisive whether the data relate to a person that is identified or can potentially be identified, as anonymous or encoded data do not fall within the scope of the DDPA.
  • The term ‘processing’ comprises virtually all acting, as of the moment of acquiring the data up until the moment of destroying the data. This means that almost all a company’s investigation methods will fall within the scope of the DDPA.
  • If it is established that the DDPA applies, then the recording of the data must be registered with the board for the protection of personal data EUROPEAN LAWYER REFERENCE SERIES 273 The Netherlands (College bescherming persoonsgegevens or CPB). It must be noted that there is an exception in the event the data are collected for the purposes of legal proceedings against the relevant employee.
  • From relevant case law about the use of investigation methods by the employer, it appears that employees only in exceptional cases invoke the DDPA or the violation of their privacy. In addition, courts only in exceptional cases apply the DDPA ex officio. This can, however, play a significant role when weighing the interests in employment litigation.
  • The company can make the collection of personal data ‘DDPA-proof’ by compiling an internal code of conduct in which it is stipulated which kind of data will be processed and for what purpose.

Read full article here.

Related news

16.09.2022 NL law
Webinar Verschoningsrecht

Articles - Tim de Greve gaat samen met Prof. Petra van Kampen in op actuele ontwikkelingen in het verschoningsrecht tijdens het webinar Verschoningsrecht van de Academie voor de Rechtspraktijk. Dit webinar is hier terug te kijken.

Read more

27.07.2022 NL law
Voortgang consultatie Corporate Governance Code

Short Reads - In februari van dit jaar heeft de Monitoring Commissie Corporate Governance Code (de "Commissie") een voorstel voor een gewijzigde Nederlandse Corporate Governance Code (de "Code") in consultatie gebracht (klik hier voor het consultatiedocument). Stibbe heeft op deze voorstellen gereageerd. In een eerdere Corporate Alert zijn wij ingegaan op de hoofdlijnen van het voorstel. Daartoe behoren de sterkere aanzet van duurzaamheid en ESG, de rol van aandeelhouders, diversiteit en inclusie, en versterkte aandacht voor gedrag en cultuur. 

Read more

13.09.2022 NL law
Aard en uitleg van statuten

Short Reads - Al lange tijd is het een gemeenplaats in de rechtspraak en de literatuur dat statuten zo niet steeds, dan ten minste in beginsel naar objectieve maatstaven uitgelegd moeten worden. Ter ondersteuning van deze opvatting wordt aangevoerd dat de bijzondere aard van de statuten in beginsel tot een objectieve uitleg dwingt.

Read more

27.07.2022 NL law
Actualiteiten Internationaal Maatschappelijk Verantwoord Ondernemen (IMVO) 

Short Reads - De aandacht voor (Internationaal) Maatschappelijk Verantwoord Ondernemen (“(I)MVO”) en Environmental, Social and Governance factoren (“ESG”) en verantwoording daarover blijft onverminderd groot. Wij zien op nationaal en Europees niveau tal van ontwikkelingen, zoals de publicatie van het voorstel voor een Europese Corporate Sustainability Due Diligence richtlijn. Wij stippen enkele Europese en nationale initiatieven aan. 

Read more