STAAT DER NEDERLANDEN (Ministerie van Volksgezondheid, Welzijn en Sport), – Court Ruling (Netherlands, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Dutch court ruled that the GGD did not take necessary steps to protect personal data during the COVID-19 pandemic. This matters because it highlights the importance of data security, especially when handling sensitive information. Companies should ensure their systems are secure to avoid similar issues.
What happened
The GGD failed to improve outdated IT systems before and during the COVID-19 pandemic, leading to a data breach.
Who was affected
Individuals whose personal data was processed by the GGD during the pandemic.
What the authority found
The court found that the GGD did not implement adequate measures to protect personal data, violating data protection rules.
Why this matters
This ruling emphasizes that organizations must prioritize data security, especially in crisis situations. It serves as a reminder for companies to regularly assess and upgrade their data protection measures.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
Before the COVID-19 pandemic: The State and others were already aware that the IT systems of the GGD were outdated and would not be suitable for handling a large epidemic or pandemic. Nevertheless, no adequate measures were taken to improve the systems. March 2020: The GGD systems, HPZone, and later CoronIT, are used to combat the COVID-19 pandemic. April 2020: The European Data Protection Board (EDPB) emphasizes the importance of data protection in combating the coronavirus. January 22, 2021: GGD GHOR Nederland reports a data breach to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP). This is referred to in the media as the "corona data leak." January 28, 2021: GGD GHOR publishes a page with "Frequently Asked Questions and Answers about Data Theft" on their website. At this time, there is still much uncertainty about the extent of the data leak. February 2021: Following media reports about the theft and trade of personal data from GGD systems, the AP announces that it will intensify its supervision of the GGD. KPMG advises GGD GHOR to stop using HPZone as soon as possible due to inadequate data protection. The AP investigates the security of websites linked to DigiD, including www.coronatest.nl. April 2021 to January 2022: The AP investigates whether GGD GHOR and two local GGDs have taken appropriate technical and organizational measures to protect personal data in the context of testing, vaccinating, and contact tracing. The AP acknowledges that the GGDs faced a huge challenge due to the pandemic, but emphasizes that good data security is essential, especially given the large amount of sensitive data the GGD processes. The AP shares its findings with GGD GHOR and gives them until March 1, 2022, to implement improvements. November 25, 2021: Stichting ICAM is founded with the aim of taking action against (threatened) privacy violations of citizens, including claiming compensation after data breaches. April 25, 2022: GGD GHOR sends letters to 1,2
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for STAAT DER NEDERLANDEN (Ministerie van Volksgezondheid, Welzijn en Sport), in NL
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. STAAT DER NEDERLANDEN (Ministerie van Volksgezondheid, Welzijn en Sport), - Netherlands (2024). Retrieved from cookiefines.eu
Last updated: