Dutch Court Goes Too Far In Enforcing Privacy Regulation

Written by: Richard Sheinis, Esq.

A Dutch court has ruled that a grandmother is violating the EU’s General Data Protection Regulation by posting photographs of her grandchildren on her social media account without the consent of the children’s parents. The court’s ruling arose from a complaint filed by the children’s mother, who wanted the photographs removed. The grandmother faces a fine if she does not remove the photographs. The Dutch GDPR Implementation Act states that posting photographs of a minor under 16 requires the consent of the minor’s legal representative.

However, the GDPR states that it does not apply to a “purely personal or household activity” because it has no connection to a professional or commercial activity. GDPR even states that personal or household activities could include social networking. The court skirted this exception by stating that because the images were shared on social media, grandma did not meet the purely personal or household activity exception. This is simply a bad ruling by a court that left its common sense at the door.  Privacy of personal information held or used by a business is one thing, but what are things coming to when a court uses privacy laws to get in the middle of a family squabble that has nothing to do with business or commerce?