Disclosing Personal Data
rule, personal data may only be disclosed if such disclosure is compatible with the purpose for which they were collected. Whether this is the case will depend on the specific circumstances, which may vary in each situation.
Compatible with the Purpose
To answer the question whether a disclosure is compatible, several factors should be taken into account. These include:
- the connection with the purpose of the collection;
- the nature of the data;
- the consequences of disclosure;
- the guarantees that have been provided;
- the expectations of the data subject (the individual whose personal data an organization is using).
Grounds for Disclosure
In addition to the general rule of compatibility, data disclosure should be based on one of the 6 grounds (also called “foundations”) in Article 8 of the Personal Data Protection Act BES (PDPA BES), which are:
- consent of the data subject;
- performance of a contract;
- legal obligation;
- vital interest of the data subject;
- performance of a public-law duty;
- legitimate interests of the organization.
Can an organization disclose my personal data with my consent?
Yes, it can. An organization can disclose your personal data to another organization if this is necessary to perform a contract with you. For example, if you have ordered a mobile phone from a telecom company, this company may disclose your personal data to a delivery service.
Can an organization disclose my personal data in order to perform a contract?
Yes, it can. An organization can disclose your personal data to another organization if this is necessary to perform a contract with you. For example, if you have ordered a mobile phone from a telecom company, this company may disclose your personal data to a delivery service.
Can an organization disclose my personal data to protect a vital interest of mine?
Yes, it can. An example of a vital interest is an urgent medical need. However, it is better to ask for your consent. Only when this is no longer possible (e.g. because you have lost consciousness) may an organization disclose your personal data without your consent.
Can an organization disclose my personal data to fulfill a public-law duty?
A government organization may disclose your personal data if this is required for the proper fulfillment of a public-law duty. This may be either a duty of the organization itself or a duty of the government organization receiving the data.
For example, the Prosecutor’s Office may disclose information about a criminal offense, such as a fraud case, to insurers in order to allow recovery of the damages from the perpetrator. Such disclosure arises from the Prosecutor’s Office’s duties, which include serving the interests of victims.
Can an organization disclose my personal data in case of a legitimate interest?
Yes, an organization may disclose your data if this is necessary for the purposes of legitimate interests pursued by that organization, such as acts that are part of an organization’s normal business operations or day-to-day management.
The organization will have to analyze, however, whether it can achieve the same result with fewer data or via a less intrusive procedure. The organization should also conduct a privacy review. This means that the organization should weigh your interests against the interest of the organization in disclosing your data.
Laws
The Commission is charged with monitoring whether organizations comply with statutory rules and regulations on personal data use. There are many laws, decrees, and regulations governing personal data processing. The three laws supervised by the Commission are:
- Personal Data Protection Act BES (PDPA BES);
- Police Records Act;
- Act on BES Personal Records in the Caribbean Netherland.
Personal Date Protectin Act BES (PDPA BES)
The Personal Data Protection Act BES (PDPA BES) provides the main rules for dealing with personal data in the Caribbean Netherlands.
Police Records Act
The police uses all sorts of personal data required to properly fulfill its duties, e.g. to investigate perpetrators of criminal offenses. Personal data protection by the police is regulated in the Police Records Act (PRA).
Act on BES Personal Records in the Caribbean Netherlands
A well-functioning population registry in the Caribbean Netherlands is regulated in the BES Personal Records Act. The population register includes personal data of the inhabitants of the Caribbean Netherlands. The BES Personal Records Act regulates the proper use of these data, including the procedure for recording, altering, and disclosing them.