User agreement and Privacy statement
Privacy - your rights in Defence
The Ministry of Defence handles your personal data with care. Do you want to know how? You can. The General Data Protection Regulation (AVG) states which rights you have in this respect. However, there are a few exceptions. On this page, you can read which exceptions they are. And you can find out how you can check which personal data Defence holds about you and which of these you can, for example, inspect, have adjusted, removed or transferred.
What are your privacy rights?
As a data subject, you sometimes have rights to your own personal data. With your permission, these rights can also be exercised, for example, by a lawyer (via an authorisation).
The AVG (Articles 15, 16, 17, 18, 20, 21, 22) state what rights you have. You have the right:
- to inspect your personal data;
- to amend your personal data (rectification);
- to erase your personal data (oblivion);
- to limit the processing of your personal data;
- to transfer your personal data (data portability);
- object to the use of your personal data;
- human intervention in decision-making and profiling.
A detailed explanation of these rights can be found on the website of the Authority for the Protection of Personal Data.
You may only exercise these rights with respect to your own personal data, not with respect to the personal data of others. Unless you have permission (an authorisation) from the person concerned. You can read how this works later on this page.
What you cannot request with the AVG
There are exceptions to privacy rights based on the AVG. This may have to do with other legislation, or for example national security.
Collapse overview
View the exceptions
Deceased persons
The AVG does not apply to the personal data of deceased persons. If the data of the deceased person says something about another person (for example the next of kin), the privacy of the living person can be at stake.
However, other legislation may apply that prevents publication or processing (such as providing) in the case of deceased persons. This is the case with photographs, for example. Based on the portrait right under the Copyright Act (see Article 19-21), these may not be made public without permission for 10 years after death.
The professional secrecy and privilege of doctors does not end with the death of a patient. Not only is confidentiality mandatory, but specific rules also apply to the retention period of the medical records of a deceased person.
Next of kin only have the right to inspect the file if:
- the patient has given permission for this during his lifetime and has had this recorded;
- the healthcare provider indicates that an incident occurred;
- the surviving relative has a serious, plausible interest.
For more information, see:
- Am I allowed to inspect, have adjusted or destroy my medical file?
- Copyright Act (see Article 19-21)
Exception due to deployment/provision of the armed forces
The Minister of Defence may decide that the AVG does not apply. This is then because of deployment/provision of the armed forces to perform the tasks as described in Article 97 of the Constitution.
For more information see:
- Constitution (Article 97);
- General Data Protection Regulation Implementing Act (Article 3);
- Military Operations Data Protection Regulations.
Exception for national security, defence, public safety, criminal law, others and case law
You may not be able to exercise your rights if this would adversely affect
- National security (Article 41 of the AVG Implementation Act, paragraph 1(a));
- National defence (Article 41 AVG implementation act, paragraph 1 sub b);
- Public security (Article 41 AVG implementation act, paragraph 1 sub c);
- Criminal law (Article 41 AVG implementing act, subparagraph 1(d));
- Other (Article 41 AVG Implementation Act, paragraph 1 sub e to j).
Disproportionate prejudice can also be a reason not to allow inspection. A request is then manifestly unfounded or excessive (see Article 12 AVG).
Case law
The right of inspection does not apply to internal notes that contain personal thoughts of employees and are only intended for internal consultation. This is evident from rulings from previous court cases (case law).
See for more information:
- General Data Protection Regulation
Processing at the Royal Netherlands Marechaussee (police data)
Personal data that are used for police tasks of the Royal Netherlands Marechaussee fall under the Police Data Act (Wpg).
For personal data that are related to border control and foreign nationals, you can contact the Royal Netherlands Marechaussee on the basis of the AVG.
For more information, see:
- Inspection requests for police tasks of the Royal Netherlands Marechaussee
Processing at the Military Intelligence and Security Service (MIVD)
If you think the MIVD has data on you, you may be able to request it. This is stated in the Intelligence and Security Services Act (Wiv 2017).
For more information see:
- Access to recorded personal data by intelligence and security services;
- Requests for inspection by the military intelligence and security services.
What happens after I have submitted a request?
You have submitted a request under the AVG to the Ministry of Defence. What happens next? Your request will be answered within 1 month after it is received. In some situations, the processing time may be extended by 2 months. You will then be informed of this.
Do you disagree with the decision on your request?
Then you can submit a digital objection.
Supervision by the Data Protection Officer
The Ministry of Defence has an independent supervisor who monitors the correct processing of personal data. In accordance with the laws and standards that apply to this. This Data Protection Officer has powers such as:
- ask for information;
- access to all records;
- access to all locations where personal data is processed.
The Data Protection Officer at the Ministry of Defence:
- is also in charge of the AVG Processing Register. This is the register in which the reports of registrations (processing of personal data) at the Ministry of Defence are recorded.
- has no supervisory powers for the Military Intelligence and Security Service (MIVD). Nor for the processing of personal data that the Royal Netherlands Marechaussee carries out for its police task.
- can be reached by e-mail: functionaris.gegevensbescherming@mindef.nl.
See also
- Authority Personal Data authoritypersoonsgegevens.nl |
