On the 5th of June 2012, the revised Dutch Telecommunications Act (Telecommunicatiewet), based upon the revised European Telecommunications Framework, has entered into force. The most relevant changes are the new cookies regulation, the rules on net neutrality and the notification obligation for data leaks and data security breaches.
With regard to tracking cookies, the revised Act introduces the legal presumption that all tracking cookies are process personal data and will therefore be subject to the Dutch Data Protection Act (DDPA). Therefore, in order to fall outside of the scope of the DDPA the party that uses a tracking cookie must prove that it does not process personal data.
The new Act also lays down the principle of net neutrality. This principle has a dual character. Providers are not allowed to distinguish (i.e. to levy) between the various types of internet services which are used by businesses and consumers. Furthermore, providers are prohibited to tap or monitor communication. The Netherlands are the first country within the EU to implement the principle of net neutrality into national legislation.
The Act also introduces a notification obligation for telecommunication network providers to notify security breaches to the Dutch Independent Postal and Telecommunications Authority (OPTA). Non-compliance can lead to significant fines (up to EUR 450.000,-). (FVDJ)