Short Reads

Proposal for a Dutch GDPR Implementation Act

Proposal for a Dutch GDPR Implementation Act

Proposal for a Dutch GDPR Implementation Act

24.02.2017 NL law

The proposal for a Dutch GDPR Implementation Act (Uitvoeringswet Algemene verordening gegevensbescherming, "Implementation Act") that seeks to implement the General Data Protection Regulation ("GDPR") was published online on 9 December 2016 for the purpose of public consultation. The GDPR has been adopted on 27 April 2016, and various posts on guidance regarding the contents of the GDPR can be found here.

The Implementation Act will contain a legal framework for implementing the GDPR in the Netherlands. As of 25 May 2018, this Implementation Act will replace the Dutch Data Protection Act ("DDPA"), which currently applies and implements EU Directive 95/46/EC. Because the GDPR has direct effect in all member states, the provisions thereof are not included verbatim in the Implementation Act, so one must consult both the GDPR and the Implementation Act in view of this layered legal framework.

The GDPR does require member states to implement specifically some topics by themselves, but it leaves discretionary room for specific implementation of other topics also. It is the latter which the Netherlands wishes to implement through its Implementation Act. The Dutch government has indicated that it will strive for “policy-neutral” implementation, meaning that the Dutch GDPR Implementation Act intends to follow the current DDPA as close as possible. However, we do note some specific changes that the Implementation Act will bring about if it remains unchanged from its current proposal form:

  • There will be changes as to how appointments are made at the competent supervisory authority, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), and how those appointments are regulated. To safeguard the authority's independence, its officers will be appointed directly by the authority instead of by the Ministry of Security and Justice, as is currently the case.
  • There will be a specific exception allowing for the processing of biometric data for the sole purpose of identifying a natural person. Clause 26 of the Implementation Act will allow the processing of  biometric data if such processing "is done to identify the data subject where such identification is necessary and proportional for the legitimate purposes of the controller or a third party." This exception is the Netherlands’ specific implementation of Clause 9 of the GDPR that prohibits the processing of special categories of data including biometric data for the sole purpose of identifying a natural person, and which allows by member states to lay down exceptions to it as long as certain criteria are met (Clause 9(2)(b) GDPR).

The public consultation period for the Implementation Act proposal has ended on 20 January 2017. During this time, all citizens, companies, and other bodies or institutions could submit their reactions to the proposed Implementation Act. There have been 67 reactions, which can be consulted as they are publicly available.[3]

 

Team

Related news

08.11.2019 EU law
Erik Valgaeren is session chair during IBA's 6th Biennial Technology Law Conference in Berlin

Speaking slot - Stibbe's TMT partner, Erik Valgaeren, chairs a session discussing the new legal challenges, created by the most recent technological developments in the field of software, data, online services and telecom, including 5G, pricing algorithms, platforms and data monetization. This session will take place on the 8th of November 2019 in Berlin.

Read more

24.10.2019 BE law
Virtual Currency Regulation Law Review - Belgian chapter

Articles - The second edition of the Virtual Currency Regulation Law Review is intended to provide a practical, business-focused analysis of recent legal and regulatory changes and developments, and of their effects, and to look forward at expected trends in the area of virtual currencies on a country-by-country basis.

Read more

08.11.2019 BE law
Interview with Wouter Ghijsels on Next Gen lawyers

Articles - Stibbe’s managing partner Wouter Ghijsels shares his insights on the next generation of lawyers and the future of the legal profession at the occasion of the Leaders Meeting Paris where Belgian business leaders, politicians and inspiring people from the cultural and academic world will discuss this year's central theme "The Next Gen".

Read more

24.10.2019 BE law
Stibbe hosts a seminar on the act of 4th of April 19 on abuse of economic dependence

Seminar - On October 24th, VBO/FEB's Secretary General Philippe Lambrecht and Stibbe Brussels' Peter Wytinck, Paul Van der Putten, Erik Valgaeren and Sarah De Wulf hosted a lunch seminar aimed at clarifying the scope, interpretation and implications for businesses of the ground-breaking (but still enigmatic) law of 4 April 2019 on the abuse of economic dependence and unfair terms and practices in B2B relationships.

Read more

Our website uses functional cookies for the functioning of the website and analytic cookies that enable us to generate aggregated visitor data. We also use other cookies, such as third party tracking cookies - please indicate whether you agree to the use of these other cookies:

Privacy – en cookieverklaring