The Netherlands' data protection authority, Autoriteit Persoonsgegevens, fined the Ministry of Foreign Affairs 565,000 euros for processing approximately 530,000 visa applications per year over the last three years without sufficient personal data protections, a violation of the EU General Data Protection Regulation. The DPA identified risks that unauthorized individuals could access and change files within the ministry’s National Visa Information System. It also determined the ministry did not adequately notify visa applicants about the sharing of their personal data with other parties.
Dutch DPA fines Ministry of Foreign Affairs 565K euros for GDPR violations
Related stories
Digital policy 2024: A year in review with Omer Tene
A view from DC: Watergate and the Privacy Act of 1974
Notes from the IAPP Canada: Regulatory sandboxes can help shed light on issues
Notes from the IAPP Europe: DSA and elections in Europe, first AI Factories and more
Notes from the Asia-Pacific region: India's competition commission fines Meta, parliamentarians focus on AI
