The Personal Data Authority (AP) has imposed a penalty of € 830.000,- on the Bureau Krediet Registratie (BKR). According to the AP the General Data Protection Protection Regulation (GDPR) was violated by BKR. The BKR is an Dutch organisation that keeps a record of how many debts and loans people take out. Until the end of April 2019, it was only possible to view online credit data via BKR if a visitor had a paid subscription. Until the end of April 2019, the only way someone could view their credit data for free was via post mail. However, the visitor could only request this once a year, so could be read on the BKR website.
The AP now states that, until the end of April 2019, the threshold for accessing one's own personal data was too high. The situation until the end of April 2019 was therefore a violation of the privacy legislation, according to the Dutch privacy watchdog. From May 2019, every visitor can view his or her personal data via BKR without any obligation to get a paid subscription.
BKR would have already indicated that it wants to contest the penalty in court.
Do you have any questions about this news item, or more specifically about privacy law? Feel free to contact Arsen Mukuchian.
Source: Personal Data Authority
July 15, 2020