Amsterdam Violated Privacy Rules With Facebook Data Loitering Young People. Amsterdam has acted in infringement of the privacy legislation when collecting Facebook data from young people. The municipality should have reported the analysis to the Dutch Data Protection Authority.
The municipality should also have informed the young people involved, confirms a spokesperson for the Dutch Data Protection Authority against NU.nl, after reporting and research from NRC. The regulator did not investigate this specific case, says INC News.
Research by NRC revealed that in 2015, Amsterdam collected more than one hundred lists of friends of young loiterers and had a network analysis carried out. In total, the files contained the data of almost 65,000 people. After the elimination of people with fewer than six interconnections, a group of more than twelve hundred people remained.
Amsterdam should have reported the project to the Dutch Data Protection Authority so that the watchdog can then check whether the municipality deals responsibly with personal data. Nevertheless, the Dutch Data Authority does not challenge the city. “That only happens when we have done the research ourselves,” says spokesperson Pauline Gras against NU.nl. “This judgment is based on NRC’s research”.
New privacy rules
New European privacy rules will take effect on 25 May. From that moment on, the duty to report for the processing of personal data to the Authority for Personal Data lapses. Organizations that collect data from individuals must still notify these people.
The Dutch Data Protection Authority does not expect that the audit will take place differently due to the lack of the duty to report, says Gras. “As of 25 May, governments are obliged to appoint a data protection officer who internally monitors how the organisation deals with privacy, and we can also start an investigation on our ambition.”