On December 2, 2022, a new act called the Verzamelwet Gegevensbescherming was introduced in the Netherlands. This act is designed to amend the Dutch Implementation Act for the General Data Protection Regulation (Uitvoeringswet AVG or UAVG) and other relevant laws to simplify and update data protection regulations. It includes both substantive and technical changes, such as modifications to data subjects’ rights under the GDPR and guidelines for processing personal data in the context of transaction monitoring.

The Verzamelwet Gegevensbescherming was introduced to address issues related to the enforcement of the General Data Protection Regulation (GDPR) in the Netherlands. Initially, there was a lot of uncertainty regarding how these regulations would be enforced. To address this issue, a motion was passed to change the future Dutch interpretation of the GDPR (UAVG). Since then, some of the ambiguity has been resolved, and the remaining issues will be addressed by the proposed Verzamelwet Gegevensbescherming.

The proposed Verzamelwet Gegevensbescherming covers various technical and substantive topics, including changes related to the exercise of rights under the GDPR, the provision of grounds for processing certain categories of personal data, and specific amendments such as financial companies’ obligations in transaction area monitoring. One of the significant changes in the proposal is related to the rights of data subjects, particularly when minors are involved. The proposal allows the legal representative and data subjects aged 12 and over to withdraw their consent at any time.

The adjustments made by the Verzamelwet Gegevensbescherming may affect businesses that process personal data. For example, the proposed changes related to the exercise of rights under the GDPR may require companies to make changes to ensure that minors can easily withdraw their consent on their own. The Verzamelwet Gegevensbescherming is expected to streamline and clarify data protection regulations in the Netherlands, benefiting individuals, organizations, and the overall economy.

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, “AP”) issued an opinion on the Verzamelwet Gegevensbescherming proposal in 2021, which has been incorporated into the current proposal. In its January 2023 opinion, the AP emphasizes the importance of effective enforcement of privacy laws, safeguarding the rights of data subjects, protecting personal data when processed by government agencies, and encouraging privacy-friendly innovation. It also makes recommendations for improving the UAVG in the areas of accountability, transparency, international data sharing, and the protection of special personal data.

The Verzamelwet Gegevensbescherming proposal was submitted on December 2, 2022, and is currently pending. A report on the proposed act has been handed in on March 23, 2023. This report pertains to the amendment of the UAVG and some other laws as part of an effort to streamline and update data protection acts. This marks a step in the process of creating this law, but there is currently no information available regarding further consideration thereof. It is also unclear when the expected legislative amendment will take place. However, what is certain is that there will be changes from the current UAVG and the other laws mentioned in the proposal.