The Dutch Data Protection Authority, the College Bescherming Persoonsgegevens (CBP), has issued a report on data collection by smart TVs and issued new protocols in relation to financial fraud prevention and the use of black lists by hotels.

The CBP issued a report on unauthorized data collection by smart televisions following an investigation of TP Visions Netherlands B.V (TP Vision). The report highlights that adding web functionality to televisions has resulted in a significant shift towards two-way data traffic, allowing manufacturers to look back at viewers including their online viewing habits, their favourite programs, and apps. In violation of the Data Protection Act, TP Vision failed to demonstrate that it had fully informed viewers about the extent and purpose for which the personal data was being collected by the smart televisions, nor had it sought any form of legal and freely given consent from viewers. CBP condemned TP Vision’s inadequate Terms of Use and Privacy and Cookies Policy and further scrutinised the lack of a valid Data Processing Agreement with Google Analytics. As a result of the breaches outlined above, TP Vision was forced to terminate various contracts with analytics providers.

As an increasing number of Dutch financial institutions were joining together to tackle fraud, the CBP approved an amendment to a protocol followed by the financial services industry known as the Protocol Incident Warning Financial Institutions, setting the parameters for the ability of financial institutions to process criminal data of individuals relating to fraudulent activities.

In a similar vein, CBP has approved a new protocol permitting hotel members of the Hotel Warning Network (HWN) to process guest data for the purposes of creating a blacklist. To comply with the Dutch Data Protection Act, guests should be informed in writing before their details are entered in the register and given either an opportunity to appeal or object to their inclusion. The protocol addresses how long blacklist data may be retained and the security measures related to accessing the data and keeping it confidential. THE CBP has approved the protocol as an alternative to the use of porters and CCTV, which it acknowledged as insufficient to prevent criminal damage estimated at costing the hotel industry €115 million a year.