NL: Fine for iden­ti­fi­ca­ti­on only by pass­port in case of infor­ma­ti­on request

The Dutch data pro­tec­tion aut­ho­ri­ty has impo­sed a fine of EUR 525,000 on a media com­pa­ny. Appar­ent­ly, the com­pa­ny had deman­ded from data sub­jects as a con­di­ti­on of a data pro­tec­tion dis­clo­sure or data dele­ti­on a Pro­of of iden­ti­ty in the form of an iden­ti­ty docu­ment required.

As a result, in the view of the aut­ho­ri­ty, the com­pa­ny had Too much data coll­ec­ted for iden­ti­ty veri­fi­ca­ti­on pur­po­ses and the exer­cise of data sub­ject rights too com­pli­ca­ted made. In deter­mi­ning the amount of the fine, the aut­ho­ri­ty had fur­ther taken into account the fact that the media com­pa­ny had not reli­ed on the pos­si­bi­li­ty of Blacke­ning of data not requi­red in the copies of the ID cards (cf. Media release).