De Bescherming Van Persoonsgegevens: Acht Europese Landen Vergeleken (The Protection of Personal Data: Comparison of Eight European Countries)

Custers B.H.M, Dechesne F., Georgieva I.N. & Hof S. van der (2017), De bescherming van persoonsgegevens: acht Europese landen vergeleken. Den Haag: SDU

262 Pages Posted: 1 Mar 2018

See all articles by Bart Custers

Bart Custers

Leiden University - Center for Law and Digital Technologies

Francien Dechesne

Leiden University - Centre for Law and Digital Technologies

Ilina Georgieva

Utrecht University

Simone van der Hof

Leiden University - Leiden Law School

Date Written: November 5, 2017

Abstract

Dutch Abstract: De bescherming van persoonsgegevens wordt in de Europese Unie in belangrijke mate bepaald door wetgeving. De EU-richtlijn voor de bescherming van persoonsgegevens (richtlijn 95/46/EC), geldig tot 25 mei 2018 en de Algemene Verordening Gegevensbescherming van de EU (verordening 2016/679), geldig vanaf 25 mei 2018, bepalen de kaders voor rechten en plichten van enerzijds personenwier gegevensworden verzameld en verwerkt en anderzijds van personen, bedrijven en overheidsinstellingen die de persoonsgegevens verzamelen en verwerken. Hoe de feitelijke bescherming eruitziet is echter niet alleen afhankelijk van de wettelijke kaders, maar ook van de verdere invulling en interpretatie die daaraanwordt gegeven en dewijze waarop handhaving plaatsvindt. De wet- en regelgeving op het gebied van privacy en de bescherming van persoonsgegevens kent veel open normen. Als gevolg van verschillen in wetgevingsstelsels en culturele verschillen is de richtlijn voor de bescherming van persoonsgegevens in EU-lidstaten op verschillende manieren geïmplementeerd. Als gevolg van de open normen, in combinatie met culturele verschillen, wordt ook op verschillende manieren aan de wet- en regelgeving uitvoering gegeven. Hoewel de Algemene Verordening Gegevensbescherming dit verder zal harmoniseren, is het te verwachten dat in de praktijk verschillen blijven bestaan. De verschillen in de mate van bescherming van persoonsgegevens roept de vraag op in welk land persoonsgegevens (en daarmee een belangrijk deel van iemands privacy) het beste zijn beschermd en hoe goed de bescherming van persoonsgegevens in Nederland is geregeld in vergelijking met andere landen. Is Nederland een achterhoedespeler, een middenmoter of een koploper op het vlak van privacybescherming? Een antwoord op deze vraag maakt het bovendien mogelijk aanvullende maatregelen ter bescherming van privacy en persoonsgegevens te nemen, als mocht blijken dat die bescherming in Nederland achterblijft bij andere EU-lidstaten. Dit leidt tot de centrale vraagstelling van dit onderzoek: Wat is de positie vanNederland met betrekking tot de bescherming van de persoonsgegevens van de burgers in vergelijking met enkele andere landen binnen de Europese Unie?

English Abstract: The protection of personal data in the European Union largely depends on existing legislation. The EU Data Protection Directive (Directive 95/46/EC), valid until May 25th 2018 and the General Data Protection Regulation (GDPR, Regulation 2016/679), in force after May 25th 2018, determine the legal framework for rights and obligations of persons whose data are collected and processed and for companies and governments that collect and process these personal data. The actual protection, however, does not only depend on the legal framework, but also on the further elaboration on and interpretation of the legislation and the ways in which it is enforced. The legislation on privacy and the protection of personal data contains many open norms. As a result of differences in legal systems and cultural differences, the legal implementation of the Data Protection Directive is different in EU member states. As a result of the open norms, in combination with cultural differences, the practical implementation of the protection of personal data is also different in EU member states. Although the GDPR will further harmonize this, it may be expected that differences in practices will continue to exist.

The differences in the extent to which personal data are protected raise the question of which country best protects personal data (which is an important aspect of privacy). This research focuses on the position of the Netherlands in relation to other European countries and the question whether the Netherlands is a front runner or lagging behind. An answer to this question enables further measures for the protection of privacy and personal data in the event that the protection in the Netherlands provides less protection in comparison to other EU member states. This leads to the central research question of this study: What is the position of the Netherlands with regard to the protection of personal data of citizens in comparison with several other countries in the European Union?

Five aspects were chosen as points of comparison in this research. These aspects, reflected in the first five subquestions mentioned above are: (1) general situation, (2) national government policies, (3) laws and regulations, (4) implementation, and (5) regulatory authorities and enforcement. Finally, the collected material was clustered in 23 categories (labels). For the general situation, these are internet use, control, awareness, trust, protection actions, national politics, media attention, data breaches, and civil rights organizations. For national government policies, these are national policies and Privacy Impact Assessments, privacy and data protection in new policies, societal debate, and information campaigns. For laws and regulations, these are implementation of the EU directive, sectoral legislation, self-regulation and codes of conduct. For implementation, these are privacy officers, security measures and transparency. For regulatory authorities and enforcement, these are supervisory authorities, main activities, the use of competences and reputation.

This research focuses on the position of the Netherlands. Furthermore, the following countries were analyzed in this comparison: Germany, Sweden, the United Kingdom, Ireland, France, Romania and Italy. When comparing the position of the Netherlands with the other countries analyzed, this yields the following conclusions:

• The Dutch people show high levels of awareness and self-reliance with regard to the protection of their personal data. At the same time, there are low levels of concern and high levels of acceptance and resignation.

• In the Netherlands, there is extensive attention for the protection of personal data in the political debate and in the media.

• The Netherlands (together with Germany) is front runner with regard to data beach notification laws.

• The budgets, influence and notoriety of civil rights organizations in the Netherlands are limited.

• The Netherlands is among the front runners with regard to privacy impact assessments, societal debate, and information campaigns.

• Differences in national legislation are very small in the countries investigated.

• The number of privacy officers in the Netherlands lags behind the other countries compared.

• Guidelines for security measures exist in the Netherlands, but authorities do not offer certification or quality marks like in some other countries.

• Transparency is low in all countries investigated.

• The budget and number of employees of the Dutch Data Protection Authority are in line with other countries.

• Sanction options of the Dutch Data Protection Authority are in line with other countries.

• The Dutch Data Protection Authority maintains a very limited dialogue (at an individual level) with those under supervision and does not process citizen complaints.

• The Dutch Data Protection Authority is well-known among citizens.

Note: Downloadable document is in Dutch.

Keywords: privacy, data protection, GDPR

Suggested Citation

Custers, Bart and Dechesne, Francien and Georgieva, Ilina and van der Hof, Simone, De Bescherming Van Persoonsgegevens: Acht Europese Landen Vergeleken (The Protection of Personal Data: Comparison of Eight European Countries) (November 5, 2017). Custers B.H.M, Dechesne F., Georgieva I.N. & Hof S. van der (2017), De bescherming van persoonsgegevens: acht Europese landen vergeleken. Den Haag: SDU. Available at SSRN: https://ssrn.com/abstract=3118279 or http://dx.doi.org/10.2139/ssrn.3118279

Bart Custers (Contact Author)

Leiden University - Center for Law and Digital Technologies ( email )

2300 RA Leiden, NL-2300RA
Netherlands

Francien Dechesne

Leiden University - Centre for Law and Digital Technologies

P.O. Box 9520
2300 RA Leiden, NL-2300RA
Netherlands

Ilina Georgieva

Utrecht University ( email )

Vredenburg 138
Utrecht, 3511 BG
Netherlands

Simone Van der Hof

Leiden University - Leiden Law School ( email )

P.O. Box 9520
2300 RA Leiden, NL-2300RA
Netherlands

HOME PAGE: http://www.linkedin.com/vanderhof

Here is the Coronavirus
related research on SSRN

Paper statistics

Downloads
109
Abstract Views
506
rank
258,782
PlumX Metrics