The Dutch data protection authority, Autoriteit Persoonsgegevens, fined tax authorities 3.7 million euros for violating the EU General Data Protection Regulation. The fine, the highest the DPA has ever imposed, was based on six violations including no legal basis for the processing of personal data, the goal of Fraud Signaling Facility was not defined in advance, contained incorrect information and information was kept for too long. The tax authorities can appeal the decision.
12 April 2022
Dutch DPA issues its highest fine
Related stories
Notes from the IAPP Canada: Privacy watchdogs — What the 2024–25 annual reports reveal
A view from DC: Competing Republican visions for tech policy in the 118th Congress
A view from Brussels: Addressing data retention discrepancies
Notes from the Asia-Pacific region: Privacy matters to customers, individuals, society
European Commission receives final version of General-Purpose AI Code of Practice