Dutch court forces grandmother to delete Facebook photos of her own grandchildren after she posted them online without their parents’ permission in breach of EU data rules

  • Case ended up in court after grandmother refused to delete the pictures
  • Was repeatedly asked to delete them by her daughter, the children’s mother
  • Netherlands court made ruling under EU’s General Data Protection Regulation 

A grandmother has been ordered to delete photos of her grandchildren which she posted on Facebook without their parents’ permission.

A court in the Netherlands made the ruling after a judge decided the case fell under the EU’s General Data Protection Regulation (GDPR).

The grandmother’s case ended up in court after she repeatedly refused to delete the pictures when asked by her daughter, according to the BBC. 

A grandmother has been ordered to delete photos of her grandchildren which she posted on Facebook without their parents’ permission (stock image) 

The GDPR, which came into force in 2018, does not apply to ‘purely personal’ or ‘household’ processing of data. 

However, this exemption did not apply to the grandmother because she had posted the photos on social media, meaning that they were available to a wider audience, the ruling said. 

‘With Facebook, it cannot be ruled out that placed photos may be distributed and may end up in the hands of third parties,’ the judgement said. 

The woman now has to remove the pictures or will have to pay a fine of €50 (£45) for each day that she leaves them online, up to a maximum of €1,000 (£896).  

The grandmother’s case ended up in court after she repeatedly refused to delete the pictures when asked by her daughter

Neil Brown, a technology lawyer at Decoded Legal, told the BBC: ‘I think the ruling will surprise a lot of people who probably don’t think too much before they tweet or post photos.’ 

The GDPR aims to strengthen data protection for people living in EU countries. 

When it came into effect, thousands of Britons admitted to being ‘clueless’ about the regulations.

Fines for breaches misusing data can run into several million pounds.     

WHAT IS THE EU’S GENERAL DATA PROTECTION REGULATION?

The European Union’s General Data Protection Regulation (GDPR) is a new data protection law that entered into force on May 25, 2018.

It aims to strengthen and unify data protection for all individuals within the European Union (EU).

This means cracking down on how companies like Google and Facebook use and sell the data they collect on their users.

The law will mark the biggest overhaul of personal data privacy rules since the birth of the internet.

Under GDPR, companies are required to report data breaches within 72 hours, as well as to allow customers to export their data and delete it.

The European Union’s General Data Protection Regulation (GDPR) is a new data protection law that entered into force on May 25

Part of the expanded rights of data subjects outlined by the GDPR is the right for data subjects to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. 

Further, the controller must provide a copy of the personal data, free of charge, in an electronic format.

This change is a dramatic shift to data transparency and empowerment of data subjects.

Under the right to be forgotten, also known as Data Erasure, are entitled to have the data controller erase their personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. 

The conditions for erasure include the data no longer being relevant to original purposes for processing, or a data subject withdrawing their consent. 

This right requires controllers to compare the subjects’ rights to ‘the public interest in the availability of the data’ when considering such requests.

Source: Read Full Article