Netherlands

[NL] Monitoring of digital television consumption infringes Dutch data protection law

IRIS 2015-7:1/25

Youssef Fouad

Institute for Information Law (IViR), University of Amsterdam

On 9 June 2015, the Dutch data protection authority (College bescherming persoonsgegevens - CBP) announced that Ziggo, which is one of the biggest providers of digital television in the Netherlands, had ended its privacy infringing activities. An investigation, prior to the announcement, had concluded that Ziggo had infringed Dutch Data protection law on several occasions.

According to the investigation by the CBP, Ziggo collected and used personal data of subscribers, without correctly informing the data-subjects. Furthermore, the investigation concluded that Ziggo did not obtain the requisite unambiguous consent for the processing of the personal data.

Notably the CBP made a remark regarding the nature of the personal data involved in Ziggo’s data processing activities. According to the CBP, the monitoring of digital television consumption intrusively reveals the habits and interests of subscribers and, therefore, the personal data gathered from this processing activity has to be deemed to be of a sensitive nature.

Ziggo’s unlawful activities consisted of the monitoring of the viewing habits of subscribers in order to analyse viewing ratings without informing them. Consequently, Ziggo did not obtain the requisite consent for the collection and use of persona data following from the Dutch data protection act (Wet bescherming persoonsgegevens - DDA). Moreover, Ziggo monitored the use of its video-on-demand service in order to target subscribers with personally tailored content, without obtaining their consent. Lastly, the CBP concluded that Ziggo unlawfully used personal data, collected by monitoring the digital consumption of its subscribers, for direct marketing purposes.

The CBP states that Ziggo now complies with the requirements of the DDA by correctly informing subscribers and requesting their unambiguous consent for their data processing activities. Furthermore, Ziggo implemented anonymisation methods by which the subscriber’s consumption habits cannot be traced back to an individual user.