Stichting Ondersteuning Provinciale Fractie Overijssel Partij voor de Vrijheid – €7,500 Fine (Netherlands, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Dutch political party was fined for accidentally sharing email addresses of its members in a public invitation. This included sensitive information about political opinions. The incident shows how easily personal data can be exposed and the importance of checking email settings before sending.
What happened
Stichting Ondersteuning Provinciale Fractie Overijssel Partij voor de Vrijheid shared a mailing list of 101 email addresses in a public invitation.
Who was affected
The affected individuals were the recipients of the email, whose addresses were exposed, potentially revealing their political affiliations.
What the authority found
The Dutch DPA ruled that the party improperly disclosed personal data, including sensitive political opinions, violating GDPR rules.
Why this matters
This case highlights the risks of email mishaps and the importance of safeguarding sensitive data. Political organizations and others should ensure they use proper email practices to protect personal information.
GDPR Articles Cited
Entities Involved
The Dutch DPA, Autoriteit Persoonsgegevens (AP) launched an investigation into a possible breach of the GDPR against the provincial political party PVV Overijsssel after an individual filed a complaint. PVV is an acronym for Partij voor de Vrijheid, which means Party for Freedom. PVV Overijsssel, whose legal form is a foundation, is a provincial political party that participates in elections in the Dutch province of Overijssel. On 10 January 2019, the PVV Overijssel sent out an invitation to an event for the party's constituency evening ("achterbanavond"). At this event, the party planned to present its list of candidates for the provincial elections in March 2019. The PVV members of the national parliament would also be present and the participants would have the opportunity to talk to representatives of the party. The invitation was sent by email with the introductory phrase "Dear friends of the PVV". Each recipient was able to view the entire mailing list of 101 email addresses. On 11 January 2019, the complainant who had received the invitation sent an email to the PVV asking the party to remove him/her from the list and confirming that this had been done. In addition, the recipient expressed that the publication of the e-mail addresses was questionable from a data protection point of view. On the same day, a PVV employee confirmed that the person had been removed from the email list and apologised for the incident. Just a few days later, on January 15, 2019, the complainant again received an email inviting him/her to the same event, but this time the recipient list was not visible. The complainant again tried to get PVV to remove him/her from the list. When the AP investigated the matter, it found that at least some of the email addresses in the recipient list made the owners of the email addresses directly or indirectly identifiable. The AP also considered this as a special category (sensitive) of personal data concerning political opinions under Article 9(1)
Related Enforcement Actions (0)
No other enforcement actions found for Stichting Ondersteuning Provinciale Fractie Overijssel Partij voor de Vrijheid in NL
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Stichting Ondersteuning Provinciale Fractie Overijssel Partij voor de Vrijheid - Netherlands (2021). Retrieved from cookiefines.eu
Last updated: