Data Protection Regulation in the Netherlands

This article uses the sociolegal perspective to address current problems surrounding data protection and the experimental use of automated decision-making systems. This article outlines and discusses the hard laws regarding national adaptations of the European General Data Protection Regulation and other regulations as well as the use of automated decision-making in the public sector in six European countries (Denmark, Sweden, Germany, Finland, France, and the Netherlands). Despite its limitations, the General Data Protection Regulation has impacted the geopolitics of the global data market by empowering citizens and data protection authorities to voice their complaints and conduct investigations regarding data breaches. We draw on the Esping-Andersen welfare state typology to advance our understanding of the different approaches of states to citizens’ data protection and data use for automated decision-making between countries in the Nordic regime and the Conservative-Corporatist regime. Our study clearly indicates a need for additional legislation regarding the use of citizens’ data for automated decision-making and regulation of automated decision-making. Our results also indicate that legislation in Finland, Sweden, and Denmark draws upon the mutual trust between public administrations and citizens and thus offers only general guarantees regarding the use of citizens’ data. In contrast, Germany, France, and the Netherlands have enacted a combination of general and sectoral regulations to protect and restrict citizens’ rights. We also identify some problematic national policy responses to the General Data Protection Regulation that empower governments and related institutions to make citizens accountable to states’ stricter obligations and tougher sanctions. The article contributes to the discussion on the current phase of the developing digital welfare state in Europe and the role of new technologies (i.e., automated decision-making) in this phase. We argue that states and public institutions should play a central role in strengthening the social norms associated with data privacy and protection as well as citizens’ right to social security.

Download Full-text

Courts, privacy and data protection in the Netherlands: European influence and trends in litigation

Courts, Privacy and Data Protection in the Digital Environment ◽

10.4337/9781784718718.00016 ◽

2017 ◽

pp. 162-179

Author(s):

Colette Cuijpers

Keyword(s):

The Netherlands ◽

Data Protection

Download Full-text

Privacy and Data Protection In The Workplace: The Netherlands

Reasonable Expectations of Privacy? - Information Technology and Law Series ◽

10.1007/978-90-6704-589-6_7 ◽

2005 ◽

pp. 139-165

Author(s):

Frank Hendrickx

Keyword(s):

The Netherlands ◽

Data Protection

Download Full-text

Feasibility and impact of data-driven learning within the suicide prevention action network of thirteen specialist mental healthcare institutions (SUPRANET Care) in the Netherlands: a study protocol

BMJ Open ◽

10.1136/bmjopen-2018-024398 ◽

2018 ◽

Vol 8 (8) ◽

pp. e024398 ◽

Cited By ~ 3

Author(s):

Kim Setkowski ◽

Jan Mokkenstorm ◽

Anton JLM van Balkom ◽

Gerdien Franx ◽

Inge Verbeek- van Noord ◽

...

Keyword(s):

Intensive Care ◽

The Netherlands ◽

Suicide Prevention ◽

Data Protection ◽

Suicide Attempts ◽

Human Subjects ◽

Mental Healthcare ◽

Suicide Rates ◽

Action Network ◽

The Impact

IntroductionImprovement of the quality and safety of care is associated with lower suicide rates among mental healthcare patients. In The Netherlands, about 40% of all people that die by suicide is in specialist mental healthcare. Unfortunately, the degree of implementation of suicide prevention policies and best practices within Dutch mental healthcare services is variable. Sharing and comparing outcome and performance data in confidential networks of professionals working in different organisations can be effective in reducing practice variability within and across organisations and improving quality of care.Methods and analysisUsing formats of professional networks to improve surgical care (Dutch Initiative for Clinical Auditing) and somatic intensive care (National Intensive Care Evaluation), 113 Suicide Prevention has taken the lead in the formation of a Suicide Prevention Action Network (SUPRANET Care), with at present 13 large Dutch specialist mental health institutions. Data on suicide, suicide attempts and their determinants as well as consumer care policies and practices are collected biannually, after consensus rounds in which key professionals define what data are relevant to collect, how it is operationalised, retrieved and will be analysed. To evaluate the impact of SUPRANET Care, standardised suicide rates will be calculated adjusted for confounding factors. Second, the extent to which suicide attempts are being registered will be analysed with the suicide attempt data. Finally, professionals’ knowledge, attitude and adherence to suicide prevention guidelines will be measured with an extended version of the Professionals In Training to STOP suicide survey.Ethics and disseminationThis study has been approved by the Central Committee on Research Involving Human Subjects, The Netherlands. This study does not fall under the scope of the Medical Research Involving Human Subjects Act (WMO) or the General Data Protection Regulation as stated by the Dutch Data Protection Authority because data are collected on an aggregated level.

Download Full-text

Record linkage of population-based cohort data from minors with national register data: a scoping review and comparative legal analysis of four European countries

Open Research Europe ◽

10.12688/openreseurope.13689.1 ◽

2021 ◽

Vol 1 ◽

pp. 58

Author(s):

Julia Nadine Doetsch ◽

Vasco Dias ◽

Marit S. Indredavik ◽

Jarkko Reittu ◽

Randi Kallar Devold ◽

...

Keyword(s):

The Netherlands ◽

Public Good ◽

Scoping Review ◽

Data Protection ◽

Record Linkage ◽

Scientific Research ◽

Personal Data ◽

Member States ◽

National Legislation ◽

Cohort Data

Background: The General Data Protection Regulation (GDPR) was implemented to build an overarching framework for personal data protection across the European Union/Economic Area (EU/EEA). Linkage of data directly collected from cohort participants based on individual consent must respect data protection rules and privacy rights of data subjects. Our objective was to investigate possibilities of linking cohort data of minors with routinely collected education and health data comparing EU/EEA member states. Methods: A legal comparative analysis and scoping review was conducted of openly online accessible published laws and regulations in EUR-Lex and national law databases on GDPR’s implementation in Portugal, Finland, Norway, and the Netherlands and its connected national regulations purposing record linkage for health research that have been implemented up until April 30, 2021. Results: EU/EEA has limited legislative authority over member states. The GDPR offers flexibility for national legislation. Exceptions to process personal data, e.g., public interest and scientific research, must be laid down in EU/EEA or national law. Differences in national interpretation caused obstacles in cross-national research and record linkage: Portugal requires written consent and ethical approval; Finland allows linkage mostly without consent through the national Data Protection Supervisory Authority; Norway when based on regional ethics committee’s approval and adequate information technology safeguarding confidentiality; the Netherlands mainly bases linkage on the opt-out system and Data Protection Impact Assessment. Conclusions: Though the GDPR is the most important legal framework, national legislation execution matters most when linking cohort data with routinely collected health and education data. As national interpretation varies, legal intervention balancing individual right to informational self-determination and public good is gravely needed for scientific research. More harmonization across EU/EEA could be helpful but should not be detrimental in those member states which already opened a leeway for registries and research for the public good without explicit consent.

Download Full-text

Data protection in the age of welfare conditionality: Respect for basic rights or a race to the bottom?

European Journal of Social Security ◽

10.1177/1388262719838109 ◽

2019 ◽

Vol 21 (1) ◽

pp. 3-22 ◽

Cited By ~ 4

Author(s):

Valery Gantchev

Keyword(s):

The Netherlands ◽

Social Security ◽

Data Protection ◽

Welfare Benefits ◽

The United Kingdom ◽

Informational Control ◽

Data Protection Law ◽

The Government ◽

Normative Criteria ◽

The Eu

This article addresses the informational control powers of the state to detect social security fraud as one of the pillars supporting welfare conditionality in Western European states. It sheds light on the question of whether the repressive trend of vastly expanding conditions and sanctions attached to welfare benefits can also be observed in an unwarranted expansion of the adopted control powers of the government. The article begins by highlighting the importance of data protection law in the field of social security. It then provides a normative yardstick for assessing nationally the control powers by analysing the normative criteria set by the EU data protection framework, more specifically with regard to the purpose limitation principle and the transparency rights of individuals. Three case studies are carried out on Germany, the United Kingdom and the Netherlands which investigate the conformity of the control powers of the welfare administration with the basic right to data protection. The article concludes by providing explanations for the diverging level of protection in the examined countries and by recommending strategies for improving the data protection position of welfare beneficiaries.

Download Full-text

Reinventing Data Protection?, edited by Serge Gutwirth, Yves Poullet, Paul de Hert, Cecile de Terwangne, and Sjaak Nouwt. Amsterdam, The Netherlands: Springer, 2009. 342 pp.$219.00 hardcover. ISBN 9781402094972 (hardcover).

The Information Society ◽

10.1080/01972243.2014.896696 ◽

2014 ◽

Vol 30 (3) ◽

pp. 229-231

Author(s):

Kalpana Shankar

Keyword(s):

The Netherlands ◽

Data Protection

Download Full-text

Influence of the Business Revenue, Recommendation, and Provider Models on Mobile Health App Adoption: Three-Country Experimental Vignette Study (Preprint)

10.2196/preprints.17272 ◽

2019 ◽

Author(s):

Francisco Lupiáñez-Villanueva ◽

Frans Folkvord ◽

Mariek Vanden Abeele

Keyword(s):

The Netherlands ◽

Medical Association ◽

Willingness To Pay ◽

Health Information ◽

Mobile Health ◽

Data Protection ◽

Data Handling ◽

Vignette Study ◽

Revenue Model ◽

Doctor Recommendation

BACKGROUND Despite the worldwide growth in mobile health (mHealth) tools and the possible benefits of mHealth for patients and health care providers, scientific research examining factors explaining the adoption level of mHealth tools remains scarce. OBJECTIVE We performed an experimental vignette study to investigate how four factors related to the business model of an mHealth app affect its adoption and users’ willingness to pay: (1) the revenue model (ie, sharing data with third parties vs accepting advertisements); (2) the data protection model (General Data Protection Regulation [GDPR]-compliant data handling vs nonGDPR-compliant data handling); (3) the recommendation model (ie, doctor vs patient recommendation); and (4) the provider model (ie, pharmaceutical vs medical association provider). In addition, health consciousness, health information orientation, and electronic health literacy were explored as intrapersonal predictors of adoption. METHODS We conducted an experimental study in three countries, Spain (N=800), Germany (N=800), and the Netherlands (N=416), to assess the influence of multiple business models and intrapersonal characteristics on the willingness to pay and intention to download a health app. RESULTS The revenue model did not affect willingness to pay or intentions to download the app in all three countries. In the Netherlands, data protection increased willingness to pay for the health app (P<.001). Moreover, in all three countries, data protection increased the likelihood of downloading the app (P<.001). In Germany (P=.04) and the Netherlands (P=.007), a doctor recommendation increased both willingness to pay and intention to download the health app. For all three countries, apps manufactured in association with a medical organization were more likely to be downloaded (P<.001). Finally, in all three countries, men, younger individuals, those with higher levels of education, and people with a health information orientation were willing to pay more for adoption of the health app and had a higher intention to download the app. CONCLUSIONS The finding that people want their data protected by legislation but are not willing to pay more for data protection suggests that in the context of mHealth, app privacy protection cannot be leveraged as a selling point. However, people do value a doctor recommendation and apps manufactured by a medical association, which particularly influence their intention to download an mHealth app.

Download Full-text