The Dutch Data Protection Authority (DPA) has published guidelines including six recommendations regarding privacy policies for companies operating in the Netherlands.
Autoriteit Persoonsgegevens (the Dutch DPA) recommends companies who are drafting and implementing privacy policies to:
- Collaborate with privacy specialists, including the company’s data protection officers and external experts, when designing and implementing privacy policies.
- Establish specific and robust privacy policies which reflect the basic principles of GDPR.
- Implement privacy policies even if GDPR does not require them, as this will show that the company is making every effort to secure protecting personal private data.
These recommendations result from DPA’s investigations into existing privacy policies of companies operating in the Netherlands. The DPA investigates companies that process sensitive personal data, including health data and data related to individuals’ political beliefs. Alongside the recommendations, the Dutch DPA released a report (in Dutch) summarising the investigation’s results.
- A description of the range and types of personal data that is being processed.
- A description of the aims of the processing of private data.
- Details about data subjects’ rights.
The Dutch DPA’s investigation concluded that the privacy policies’ descriptions of the types of personal data processed and processing aims were usually inadequate or incomplete. This prompted the Dutch DPA to create the six recommendations above that it believes companies should take into account when drafting privacy policies.
This comes not long after the annual report of the Dutch DPA revealed that “at least 94% of people are worried about the protection of their personal data. People are primarily concerned about fraudulent use of their identity documents, monitoring of their online search behaviour and Wi-Fi tracking. In regard to these situations, people tend to feel that they don’t have
complete control over their personal data.”
Chair of the Dutch DPA, Aleid Wolfsen said: “What it’s ultimately about is people having greater control over their personal data.”