August 1, 2021

Volume XI, Number 213

Advertisement

July 30, 2021

Subscribe to Latest Legal News and Analysis

July 29, 2021

Subscribe to Latest Legal News and Analysis

Dutch DPA Fines Company 525,000 EUR for Failure to Designate EU Representative

On May 12, 2021, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, the “Dutch DPA”) imposed a €525,000 fine on Locatefamily.com for failure to comply with the obligation imposed under Article 27 of the EU General Data Protection Regulation (“GDPR”) to appoint a representative in the EU.

Locatefamily.com is an online platform that publishes contact details (including telephone numbers and addresses) of individuals. According to the Dutch DPA, individuals often did not register for the online platform and did not know how their personal information ended up on the platform.

The Dutch DPA, who had received numerous complaints from individuals, found that the online platform had failed to comply with data erasure requests. In this context, the Dutch DPA also found that the online platform did not have establishments in the EU and did not appoint a representative, making it difficult for data subject to exercise their data protection rights.

Under Article 27(2)(a) of the GDPR, companies that (1) are not established in the EU and (2) offer goods or services to individuals in the EU or monitor the behavior of individuals in the EU must appoint a representative in the EU, except if the processing of personal data (1) is occasional; (2) does not include, on a large scale, processing of sensitive personal data or personal data relating to criminal convictions and offences; and (3) is unlikely to result in a risk to the rights and freedoms of natural persons, taking into account the nature, context, scope and purposes of the processing.

Accordingly, the Dutch DPA imposed a €525,000 fine against Locatefamily.com as well as an order to appoint a representative by a certain date, subject to a penalty.

Read the press release and the decision (in Dutch).

Copyright © 2021, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume XI, Number 139
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct
Advertisement
Advertisement