The Netherlands
International Card Services B.V.
150,000 €
GDPR enforcement action by Dutch Supervisory Authority for Data Protection (AP) on 2024-01-15.
Rank · Sector
#71
of 322 in Finance, Insurance and Consulting
Rank · The Netherlands
#25
of 43
Rank · All fines
#412
of 3,050
Case details
- Authority
- Dutch Supervisory Authority for Data Protection (AP)
- Date
- 2024-01-15
- Controller / Processor
- International Card Services B.V.
- Sector
- Finance, Insurance and Consulting
- Quoted Articles
- Art. 35 GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The Dutch DPA has imposed a fine of EUR 150,000 on International Card Services B.V. (ICS). ICS failed to carry out a data protection impact assessment before starting the digital identification of customers in the Netherlands in 2019. The identity check covered around 1.5 million people and involved sensitive personal data such as pictures of the data subjects.
Open original source
Links to the regulator's original publication or another source.
Related fines
The Netherlands
2024-07-22
290,000,000 €
ETid-2447
Uber Technologies Inc., Uber B.V.
Employment
The Netherlands
2026-04-01
100,000,000 €
ETid-3171
Ridetech International B.V.
Transportation and Energy
The Netherlands
2024-05-16
30,500,000 €
ETid-2448
Clearview AI Inc.
Industry and Commerce
The Netherlands
2023-12-11
10,000,000 €
ETid-2199
Uber Technologies Inc.
Uber B.V.
Employment
The Netherlands
2024-11-26
4,750,000 €
ETid-2507
Netflix International B.V.
Media, Telecoms and Broadcasting
The Netherlands
2022-04-07
3,700,000 €
ETid-1124
Dutch Tax and Customs Administration
Public Sector and Education