People and companies who violate privacy rules are to get hefty fines under new legislation that is likely to come into force this autumn, says the head of the Dutch Data Protection Authority (DPA). The fines could range from 25,000 euros for individuals to several million euros for large companies, Jacob Kohnstamm told newspaper AD.

The law is being drawn up by the justice ministry in close cooperation with the DPA. Individuals, companies and organisations who publish pictures and video footage of people whom they accuse or suspect of committing an offence or crime would risk fines of 25,000 euros, according to Mr Kohnstamm. Large companies, such as Google, Microsof and Facebook who misuse personal data or jeopardise people’s privacy could face fines of several million euros.

“People’s personal data are being used by others all the time, without their realising it in the least”, Mr Kohnstamm stresses. Constant innovations in technology and the internet are making people’s privacy more and more vulnerable.

“When I ask people for their credit card number, their name and the security code on the back of the card, they’re shocked and say no. In the meantime, however, such data are being stored in more and more places—quite often without the necessary safeguards. That’s what we keep an eye on. The new, steep fines will make sure that people’s privacy will be respected.”

The DPA, he adds, is also launching a large-scale inquiry into regional electronic medical records. In contrast to the national medical records, the regional ones have still not been abolished, even though they lack a legal basis. Doctors, hospitals, pharmacies and health care providers, the DPA alleges, often store personal medical details without asking the patients for permission. “Probably they do so with the best of intentions, but that doesn’t mean it’s allowed.” 

(cl/imm)

© Radio Netherlands Worldwide