Dutch Foreign Ministry – €565,000 Fine (Netherlands, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Dutch Foreign Ministry was fined €565,000 for not securing personal data in its visa system. Sensitive information like fingerprints and travel details were at risk due to poor security. This case highlights the importance of protecting personal data to prevent unauthorized access.
What happened
The Dutch Foreign Ministry failed to secure personal data in its National Visa Information System, risking unauthorized access.
Who was affected
Visa applicants whose sensitive personal data, such as fingerprints and travel details, were inadequately protected.
What the authority found
The Dutch DPA found the Foreign Ministry grossly negligent for not fixing known security flaws, violating GDPR's data protection requirements.
Why this matters
This case underscores the critical need for robust data security measures, especially when handling sensitive information. Organizations must promptly address known vulnerabilities to comply with data protection laws.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Dutch DPA has imposed a fine of EUR 565,000 on the Dutch Foreign Ministry. As part of its investigation, the DPA found that the National Visa Information System (NVIS) suffered from significant security deficiencies. This is particularly serious as the Foreign Ministry has processed an average of 530,000 visa applications per year over the last three years and the personal data processed in the course of the applications was therefore inadequately secured. The data included sensitive information such as fingerprints, name, address, place of residence, country of birth, purpose of travel and nationality. Due to the inadequate security measures, it would have been possible for unauthorized persons to access the data. According to DPA, the Foreign Ministry had been aware of the security flaws in the visa system for some time. Despite this knowledge, the Ministry did not adjust the security measures in time. For this reason, the DPA finds that the Ministry acted with gross negligence. The DPA also found that the Foreign Ministry did not adequately inform individuals who applied for visas that their personal information would be shared with other parties.
Related Enforcement Actions (0)
No other enforcement actions found for Dutch Foreign Ministry in NL
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
24 February 2022
Authority
Autoriteit Persoonsgegevens
Fine Amount
€565,000
Enforcement Tracker ID
ETid-1119
About this data
Cite as: Cookie Fines. Dutch Foreign Ministry - Netherlands (2022). Retrieved from cookiefines.eu
Last updated: