UWV (Dutch employee insurance service provider) – €450,000 Fine (Netherlands, 2021)

€450,000Autoriteit Persoonsgegevens31 May 2021Netherlands
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Dutch privacy authority fined UWV EUR 450,000 for not securing group messages on its website. This led to data leaks of personal and health information for over 15,000 people. It's a reminder for businesses to ensure their online communication tools are secure.

What happened

UWV failed to secure group messages on its website, leading to data leaks.

Who was affected

Over 15,000 job seekers using UWV's 'My Workbook' environment had their personal and health information exposed.

What the authority found

The Dutch privacy authority found UWV violated GDPR's security requirements by not properly securing personal data.

Why this matters

This case highlights the importance of securing online communication tools to protect sensitive user information. Companies should regularly review and update their security measures to prevent data leaks.

GDPR Articles Cited

AI-verified

Art. 32(1) GDPR
Art. 32(2) GDPR
View original scraped data
Art. 32 GDPR

Original data from scraper before AI verification against source document.

National Law Articles

AI-identified

Art. 13 Wet bescherming persoonsgegevens
Source verified 6 March 2026
articles corrected
national law identified
Netherlands enforcementAutoriteit Persoonsgegevens actionsAll UWV (Dutch employee insurance service provider) actions
Full Legal Summary
Detailed

The Dutch DPA (AP) has fined UWV (the Dutch employee insurance service provider - 'Uitvoeringsinstituut Werknemersverzekeringen) EUR 450,000. The UWV had not properly secured the sending of group messages via the 'My Workbook' environment. This is a personal environment on the UWV website where job seekers have contact with the UWV. As a result, there were multiple data leaks of personal information, including health information, from a total of more than 15,000 individuals.

Related Enforcement Actions (1)

Other enforcement actions involving UWV (Dutch employee insurance service provider) in NL

Fine
Oct 2019· Autoriteit Persoonsgegevens

As the UWV (the Dutch employee insurance service provider - 'Uitvoeringsinstituut Werknemersverzekeringen') did not use multi-factor authentication wh...

€900K
Current
May 2021

Fine

€450K

Details

Fine Date

31 May 2021

Authority

Autoriteit Persoonsgegevens

Fine Amount

€450,000

Enforcement Tracker ID

ETid-751

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. UWV (Dutch employee insurance service provider) - Netherlands (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: