The Dutch data protection authority, Autoriteit Persoonsgegevens, fined tax authorities 3.7 million euros for violating the EU General Data Protection Regulation. The fine, the highest the DPA has ever imposed, was based on six violations including no legal basis for the processing of personal data, the goal of Fraud Signaling Facility was not defined in advance, contained incorrect information and information was kept for too long. The tax authorities can appeal the decision.
12 April 2022
Dutch DPA issues its highest fine
RELATED STORIES
Privacy in Arkansas: Is Arkansas ready for a consumer privacy law?
A view from DC: CFPB calls for states to regulate financial privacy
Notes from the IAPP Canada: OPC's WADA investigation 'raises some interesting issues'
A view from Brussels: European Commission's new tech policy center of gravity
First fine imposed under Thailand's Personal Data Protection Act
