Is this allowed? privacy edition
Can someone film me? Can my boss read my email? 80+ privacy questions, explained short.
- May someone film me? In public spaces someone may film you without permission — but publishing is different. That triggers portrait rights and privacy rules.
- Employer reading email: Your employer may not simply read your work email. There must be a legitimate interest, and the works council usually must have consented to the monitoring policy.
- Photo posted without consent: Someone may not just post your photo online. You have portrait rights AND GDPR rights — for commercial or damaging publication you can demand removal.
- WhatsApp group without asking: WhatsApp allows it — no law forbids the action itself. But sharing your number with other members without a legal basis can be a GDPR violation.
- School + child photo: For children under 16, schools need explicit written parental consent — for each specific publication, not blanket consent for the whole school year.
- Neighbour camera on garden: A neighbour may have a camera on their own property, but not aimed at your garden or house. That's a GDPR violation AND a civil privacy infringement.
- Filming in own home: Own home = private place (Sr Art. 138 + 139a/b). Covert recording criminal. Filming by others = almost never allowed.
- Police camera: Under Dutch Police Data Act — body cam with audio + warning, traffic camera proportionate, station recording with notice. Differs per situation.
- Private investigator — allowed? Only by a detective licensed by the Dutch Ministry of Justice + Security, with valid assignment and lawful basis. Unauthorised following = stalking (Sr Art. 285b).
- Drone over garden — allowed? No, not with camera + not without consent. EU Drone Regulation (EU 2019/947) + GDPR + Sr Art. 138 trespassing + portrait law.
- AirTag tracking — allowed? No. Covertly tracking someone without consent is stalking (Sr Art. 285b) — punishable up to 3 years prison. Found a hidden tracker? File a police report.
- Tracking teens — allowed? Under 16: parent may, provided reasonable + proportional + transparent. 16+: only with the child's own explicit consent (Dutch UAVG Art. 5).
- Employer location — allowed? Only with works-council consent, prior announcement, proportionality, and only during working hours. Outside working hours never without consent.
- WhatsApp by employer — allowed? On your private phone: never without explicit consent. On a work phone: only under very strict conditions (proportionality, works-council consent, prior announcement).
- Drug/alcohol test — allowed? Special category health data (GDPR Art. 9) — only permitted under statutory obligation (aviation, professional driver, nuclear, shipping). Otherwise not, not even with "consent" — not freely given.
- Googling applicants — allowed? Limited — only public info, only job-relevant, disclosure in job posting required. Dutch NVP code + GDPR. Not for "fishing" private info.
- Employer social media: Public posts may be viewed — use in personnel decisions requires transparency + basis. Hidden accounts or "friending" for access = unlawful.
- School laptop tracking — allowed? During school use: yes, with announcement + transparency + proportionality. Outside school: only with separate explicit consent of parents + child.
- GP data sharing — allowed? Yes, for direct treatment (Dutch Medical Treatment Act + implied consent). But you always have the right to object, opt out of LSP/PGO, or block specific parts.
- Insurer access record — allowed? In principle no. Exceptions only during claims investigation by medical advisor, with your consent and strictly limited.
- Tax authority bank data: Banks share pre-filled tax data (balance + interest + assets). For extra investigation: only with authorisation via information request. Not all transactions arbitrarily.
- Municipal CCTV — allowed? Yes, but strictly regulated (Dutch Municipalities Act Art. 151c). Mayoral decision, clear signs, limited retention (max 4 weeks), proportionality, your rights to access + objection.
- Shop ID check: Only for age verification, anti-fraud on large purchases, or anti-ML obligation. NOT for "customer registration" or marketing. BSN always redacted.
- BSN at shop — allowed? No. BSN use is legally restricted to government, healthcare, education, and tax purposes. A normal shop or webshop may NEVER ask for your BSN.
- Hotel passport copy — allowed? Hotels may view your passport/ID for legal registration (Dutch Immigration Act 4:1). Making a copy is almost never necessary — you may refuse.
- Landlord pay slip — allowed? Income check is legitimate (GDPR Art. 6 basis: contract). BUT: only relevant fields, limited retention, data minimisation. BSN and passport photo MUST be redacted.
- HOA hallway camera: HOA decision (AGM majority) + DPIA + clear signs + max 4 weeks retention. Not by a single board member alone.
- Self-record call: NL = one-party consent. You may record a call you're a party to without consent of the other. Publishing is separate.
- Other records me: Only if that person is a party to the call. Recording silent third parties without basis = Sr Art. 139a criminal (max 6 months).
- Record customer service: Yes, NL one-party consent. Customer service calls you participate in may be recorded — excellent evidence on dispute over promises.
- Photo in advertising: Never without explicit + written consent. Portrait law + GDPR = dual claim possible. Cruijff jurisprudence = compensation.
- Journalist publishing photo: Press freedom (ECHR Art. 10) + public interest can justify. But balance between news value and privacy/portrait law. UAVG Art. 43 limits many GDPR rights.
- Club share data with sponsor: Membership does not imply consent for commercial transfer. Club must explicitly + specifically ask + offer you opt-out.
- Camera in changing room: Almost never allowed. Protected intimate space (Sr 139f + Art. 9 GDPR special data). Only on very specific security incidents + DPIA + AGM.
- Camera workout area: Yes under strict conditions — clear signs, limited retention, no camera in changing/toilet, no audio, DPIA.
- International data transfer: Adequate countries (UK, Japan, Switzerland, etc.) always. US via Data Privacy Framework. China + others only with SCC + TIA + supplementary measures.
- Data selling: Only with explicit + specific consent. "Sold" is not only for cash — sharing for advantage counts too. AP priority. Fines up to 4% turnover.
- Mail after unsubscribe: Never. Absolute opt-out under GDPR Art. 21(2) + ePrivacy. One confirmation email max, then stop. Persistence = AP + ACM enforcement.
- Ex keeps photos online: Consent given during relationship can be withdrawn (GDPR Art. 7(3)). On refusal to delete: GDPR Art. 17 + portrait law + on intimate content Sr 139h.
- Landlord fingerprint lock: Biometric = Art. 9 special data. Almost never allowed without explicit + voluntary consent + alternative (key/code).
- Customer data on takeover: Under strict conditions — duty to inform + right to object + same purpose limitation. On material change: new consent.
- Accountant + client data: Yes, provided a DPA is in place. Accountant = processor. No DPA = GDPR breach (Art. 28(3)).
- Client photo portfolio: Only with explicit written consent per use. Model contract required. Portrait law + GDPR cumulatively apply.
- Reviews with names: Provided transparent in the review flow itself. Name publication requires consent — not "by default". Option: first name + first letter of surname ("Jan J.").
- Customer call recording: Yes, with clear prior disclosure + legitimate purpose + retention + opt-out. GDPR Art. 6 basis required.
- IP address logging: IP = personal data (CJEU Breyer 2016). For security under legitimate interest. For analytics: only with consent + anonymisation.
- Google Analytics use: Yes with proper configuration: Consent Mode v2 + IP anonymisation + DPA + Data Privacy Framework basis. Legally feasible in NL since 2023.
- Meta Pixel use: Only with explicit prior consent via cookie banner + JCA with Meta + Schrems II TIA. Not conditional by default = fine risk.
- Sell email database: Almost never. Consent is purpose-bound — collected for your newsletter, not for resale. Severe GDPR breach.
- Customer data for AI: GDPR + AI Act. Specific consent for AI purpose + DPIA + anonymisation. Hot 2025-2026 AP priority. NL businesses already fined for unlawful AI training.
- Shop camera: Yes for security of own premises, provided aimed at own area, signs at entrance, max 4 weeks retention, no filming public street.
- 10 years customer data: Tax data 7 years required (Dutch Tax Act Art. 52). Marketing/CRM data: until consent withdrawn. Indefinite retention = GDPR storage limitation breach.
- SMS marketing customers: Only with explicit prior opt-in (Tw 11.7). Existing customer relationship: yes for similar services + STOP unsubscribe option. Otherwise heavy fine.
- Newsletter past customers: Existing customers: yes for similar services + unsubscribe option in every expression (Tw 11.7(4)). New audience or completely different product: opt-in required.
- Employee CCTV: Strict conditions: works council consent, DPIA, transparency, proportionality, specific purpose. Not for "productivity monitoring". No changing/break rooms.
- Neighbour garden camera: Aimed at own property: GDPR household exception. At your garden or public road: GDPR + portrait law + civil nuisance law.
- Doorbell camera Ring: Aimed at own property = GDPR household exception. But coverage overlap with public street/neighbours = GDPR applies. Sign + limited recording range.
- Dashcam recording: Recording allowed for own evidence. Publication without anonymisation often not. Footage max 7 days unless relevant accident. Dashcam must be removed at police check.
- Camera footage online: No. Publication = GDPR breach + defamation risk (Sr 261/262) + tort. Footage to police — not on social media.
- Call recording: NL = one-party consent. You participate = recording legal (Sr 139a). Covert recording by third party = criminal. Publication still under GDPR.
- Work email reading: Only with works council consent, prior handbook notice, proportional, and on concrete suspicion. Private correspondence remains protected (Bărbulescu).
- Employee GPS tracking: See also "May employer track location" (/privacycheck/mag-dit/mag-werkgever-locatie-volgen/en). Only with works council + DPIA + work-hours only + proportional purpose.
- Toilet/changing camera: Strictly prohibited. Sr 139f + GDPR Art. 9 + Occupational Safety Act. Immediate fine + investigation + criminal prosecution possible.
- School photo child: Only with explicit parental consent (child <16) or child consent (≥16). Withdrawable + per-channel specifiable.
- Sports club photo website: Recognisable players = personal data. Basis: legitimate interest questionable, consent safer. For minors: UAVG Art. 5 parental consent.
- Insurer medical record: See our article insurer-medical-record (/privacycheck/mag-dit/mag-verzekeraar-medisch-dossier/en). Only via medical adviser, only what strictly needed for claim, your consent required.
- Bank balance to others: Never without your explicit consent or legal obligation (tax authority, justice). Banking secrecy + GDPR. Breach = fine + damages claim.
- UWV shares work data: Only what employer strictly needs (continued pay, reintegration). Medical details: only via occupational physician, never directly to employer.
- Municipality publish BSN: BSN on publicly accessible documents = AP violation (Wabb + GDPR). Identity-fraud risk. Multiple AP fines for municipalities 2023-2025.
- Tax authority bank account: See our article tax-authority-bank-data (/privacycheck/mag-dit/mag-belastingdienst-bankgegevens/en). Annual balance reporting automatic. Targeted transaction access: only on investigation basis.
- Employer Google applicant: Public info yes, provided transparent + work-relevant. No covert social media screening. See also employer-google-applicant (/privacycheck/mag-dit/mag-werkgever-googelen-sollicitant/en).
- Landlord income check: Yes under proportionality norm. For social/mid-rent fixed rules. For free sector: excessive demands (3x net rent statements) often unlawful.
- Marktplaats ID request: Almost never justified. ID + BSN = identity-fraud risk. Doubt? Refuse + report as suspicious profile via Marktplaats.
- Airbnb camera rules: Common areas: only with prior disclosure in listing. Bedroom + bathroom: NEVER, not even "off" mode. Airbnb policy 2024: total ban on indoor cameras.
- Homecare client photo: Medical imagery = special category (Art. 9). Only with explicit consent + healthcare basis. Private phone: almost never allowed.
- School monitor online class: Functional monitoring (cam/mic during class, screen-share view) allowed with basis. Wider monitoring (keylogger, off-class screen capture) not without parent consent.
- Webshop account retention: Account after erasure request (Art. 17) must go. Only legally required data (Wwft, 7-year-fiscal for invoices) may be retained.
- CV years retention: NVP guideline: max 4 weeks without consent, max 1 year with explicit consent. Removal mandatory thereafter. Fine risk on longer retention.
- Insurer medical examination: For insurance above threshold yes, within Dutch Medical Examinations Act (Wmk). No legally prohibited medical-history questions (HIV, cancer, depression).
- PI surveillance: See our extensive article may-private-detective-follow (/privacycheck/mag-dit/mag-prive-detective-volgen/en). Only licensed firms (WPBR) + legitimate purpose + only public locations.
- Supplier non-EU storage: Only with valid transfer basis (adequacy decision, SCCs + TIA, BCRs). Schrems II + Data Privacy Framework make US extra complicated.
- SaaS data mining: Only if the DPA permits. "Service improvement" often vague — request specific scope + anonymisation + opt-out.
- AI chatbot customer data: Strict requirements: basis, purpose limitation, anonymisation, DPIA, AI Act compliance. Major 2025-2026 AP enforcement priority.
- Vaccination status employees: Health data = GDPR Art. 9 special category. Almost never allowed, except specific healthcare contexts + via occupational physician. HR registration prohibited.
- Customer list on departure: Almost never. Customer data = employer property + GDPR violation + Dutch Trade Secret Act. Non-compete clause extra restrictive.
- Influencer client photo: Only with explicit per-use consent. "Implicit" consent ("they liked being photographed") insufficient under GDPR + portrait law. Sponsored content extra strict.
- Coach record session: Only with explicit client consent + clear purpose scope + retention + erasure right. Mental-health coaching extra strict (Art. 9).
- Supplier market research: Only anonymised (irreversible), or with separate explicit consent. "Anonymising" via pseudonymisation or aggregates = often still GDPR. Raw customer data: never.
- Photo studio archive: Retention must be proportionate. "Forever" rarely justified. Customer can demand erasure via Art. 17 — photographer must honour.
- Loyalty programme archive: For points administration: while membership runs + reasonable wind-down. For profiling: separate basis + transparency. Indefinite retention ≠ allowed.