STAAT DER NEDERLANDEN (Ministerie van Volksgezondheid, Welzijn en Sport), – Court Ruling (Netherlands, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Before the COVID-19 pandemic: The State and others were already aware that the IT systems of the GGD were outdated and would not be suitable for handling a large epidemic or pandemic. Nevertheless, no adequate measures were taken to improve the systems. March 2020: The GGD systems, HPZone, and later CoronIT, are used to combat the COVID-19 pandemic. April 2020: The European Data Protection Board (EDPB) emphasizes the importance of data protection in combating the coronavirus. January 22, 2021: GGD GHOR Nederland reports a data breach to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP). This is referred to in the media as the "corona data leak." January 28, 2021: GGD GHOR publishes a page with "Frequently Asked Questions and Answers about Data Theft" on their website. At this time, there is still much uncertainty about the extent of the data leak. February 2021: Following media reports about the theft and trade of personal data from GGD systems, the AP announces that it will intensify its supervision of the GGD. KPMG advises GGD GHOR to stop using HPZone as soon as possible due to inadequate data protection. The AP investigates the security of websites linked to DigiD, including www.coronatest.nl. April 2021 to January 2022: The AP investigates whether GGD GHOR and two local GGDs have taken appropriate technical and organizational measures to protect personal data in the context of testing, vaccinating, and contact tracing. The AP acknowledges that the GGDs faced a huge challenge due to the pandemic, but emphasizes that good data security is essential, especially given the large amount of sensitive data the GGD processes. The AP shares its findings with GGD GHOR and gives them until March 1, 2022, to implement improvements. November 25, 2021: Stichting ICAM is founded with the aim of taking action against (threatened) privacy violations of citizens, including claiming compensation after data breaches. April 25, 2022: GGD GHOR sends letters to 1,2
GDPR Articles Cited
National Law Articles
Before the COVID-19 pandemic: The State and others were already aware that the IT systems of the GGD were outdated and would not be suitable for handling a large epidemic or pandemic. Nevertheless, no adequate measures were taken to improve the systems. March 2020: The GGD systems, HPZone, and later CoronIT, are used to combat the COVID-19 pandemic. April 2020: The European Data Protection Board (EDPB) emphasizes the importance of data protection in combating the coronavirus. January 22, 2021: GGD GHOR Nederland reports a data breach to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP). This is referred to in the media as the "corona data leak." January 28, 2021: GGD GHOR publishes a page with "Frequently Asked Questions and Answers about Data Theft" on their website. At this time, there is still much uncertainty about the extent of the data leak. February 2021: Following media reports about the theft and trade of personal data from GGD systems, the AP announces that it will intensify its supervision of the GGD. KPMG advises GGD GHOR to stop using HPZone as soon as possible due to inadequate data protection. The AP investigates the security of websites linked to DigiD, including www.coronatest.nl. April 2021 to January 2022: The AP investigates whether GGD GHOR and two local GGDs have taken appropriate technical and organizational measures to protect personal data in the context of testing, vaccinating, and contact tracing. The AP acknowledges that the GGDs faced a huge challenge due to the pandemic, but emphasizes that good data security is essential, especially given the large amount of sensitive data the GGD processes. The AP shares its findings with GGD GHOR and gives them until March 1, 2022, to implement improvements. November 25, 2021: Stichting ICAM is founded with the aim of taking action against (threatened) privacy violations of citizens, including claiming compensation after data breaches. April 25, 2022: GGD GHOR sends letters to 1,2
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for STAAT DER NEDERLANDEN (Ministerie van Volksgezondheid, Welzijn en Sport), in NL
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. STAAT DER NEDERLANDEN (Ministerie van Volksgezondheid, Welzijn en Sport), - Netherlands (2024). Retrieved from cookiefines.eu
Last updated: