Netherlands: Adopted fine to DPG Media for unnecessary data request (user ID copy)

On 24 February 2022, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) fined the company DPG Media USD 525'000 because a company it acquired (Sanoma Media Netherlands BV) previously required users who wanted to access or remove their data to upload proof of identity. The authority established that the request of a copy of the identity document to access or delete data is not necessary and disproportionate - too much data was requested, making it too difficult for users to access or delete data. The authority noted that the request for the copy of an identification document is generally not recommended and added that the company has both ended this violation and objected to the ruling.