What you need to know
In 2009 The Netherlands passed the EU’s Data Retention Directive into law1. This means that all ISPs in the Netherlands must retain your personal data, including web-browsing history and emails data, for at least one year after you leave the ISP’s service.
In according with the Data Retention Directive, ISPs in the Netherlands are required to archive your personal information so that the “data can be transmitted upon request to the competent authorities without undue delay.”2
Politicians in the Netherlands have also discussed the creation of a personal information database, where all of the information archived by ISPs will be kept in one centralised database. However, this has not yet been implemented3.
IMPORTANT UPDATE – 10/04/2014
The European Court of Justice has declared the European data retention directive (Directive 2006/24/EC) invalid. The Court found that the set of obligation laid down by current directive is disproportionate and contrary to some fundamental rights protected by the Charter of Fundamental Rights, in particular to the principle of privacy, because “the wide ranging and particularly serious interference of the directive with the fundamental rights at issue is not sufficiently circumscribed to ensure that that interference is actually limited to what is strictly necessary” – for more info see http://curia.europa.eu/jcms/upload/docs/application/pdf/2014-04/cp140054en.pdf
The Netherlands has seen two important copyright infringement cases that have implications for online privacy.
In 2005 a Dutch court ruled that ISPs should not hand over user information to a content industry group BREIN, which was looking to sue a number of file-sharers. This was seen as a victory for privacy advocates.
However, in August 2006 the Subdistrict Court of Amsterdam allowed BREIN to demand ISPs hand over the private data of a number of BitTorrent users.
The Amsterdam court stated that ISPs in the Netherlands should hand of customer data if “(1) it must be sufficiently plausible that the unlawful act has been committed; and (2) there must be no reasonable doubt that it was committed by the subscriber whose NAW-data (name, address and domicile) is being requested.”4