Protection personal data - our challenge

In today's digital age, personal information is unintentionally falling into the hands of third parties with increasing frequency. In many cases there is little that a consumer can do about it. This may be because for example, databases are not properly secured, because cookies store information when we surf the web, allowing advertisers to gain an insight into our surfing behaviour, or because people fall victim to internet crime, such as hacking, phishing or spoofing.

If our personal information unintentionally falls into the hands of third parties, it can result in unpleasant situations. The most common of these is receiving unwanted advertisements. Less common problems, albeit very serious ones, are instances of identity fraud or theft and the misuse of data. In these cases it is possible, for example,  for tweets to be posted in another person's name, for money to be withdrawn from a bank account or for orders to be placed in online shops - all without permission. Reputation damage may also result if certain information that would have been better not to reveal is made available on social networks for everyone to see. A company may use this as a reason not to invite a person to a job interview, for example.

There are ways we can take control ourselves when it comes to protecting our personal data. We can install anti-virus applications on a smartphone or tablet, for example, take measures against the loss or theft of a telephone or set privacy settings on social networks in such a way that not all photos, videos and statements are visible to everyone.

Many consumers are not properly informed, however, about the potential risks and the steps that they can take themselves to mitigate these. In most cases, companies only have an extensive legal and privacy statement on their website. They often lack to inform customers in an accessible way and to give them control over their own personal information.

Privacy is therefore a subject to which politicians, consumer organisations and regulators are paying a great deal of attention. They are concerned about the use of certain techniques and want to know the extent to which the privacy of users is at stake.

Privacy is a broad concept. According to the Dutch Wikipedia site, privacy is about the protection of personal data, the protection of one's own body and one's own home, the protection of domestic and family life and the right to communicate confidentially by letter, telephone and e-mail. Nowadays, the ability to determine ourselves who obtains what information about us can also be added to this definition. Generally speaking, privacy means that a person is able to do things without the outside world intruding on these or knowing about them. It is a defensive right that protects a person's private life. 

Use of deep packet inspection (DPI) by providers

In May 2011 various media reported that a number of mobile network providers, such as KPN and Vodafone, make use of deep packet inspection (DPI) to analyse data packets which are transmitted across their mobile networks. For external stakeholders, however, such as Dutch MPs, the media and regulators, it was unclear at what level packet inspection was being applied, what the precise purposes are for which these techniques are employed and whether there was a threat to user privacy. The impression was created that mobile network providers were looking at more than is necessary and were using DPI to restrict access to the open internet (by charging extra for using WhatsApp, for example).

In June 2011 OPTA [the Independent Post and Telecommunications Authority] investigated whether and how the four biggest mobile network providers (KPN, Vodafone, T-Mobile and Tele2) analyse their data traffic. From the initial results of the investigation OPTA found nothing to suggest that mobile operators read the e-mail messages of their subscribers or look at photos that are sent, for example. OPTA did, however, conclude that the operators see more than is strictly necessary for handling data traffic. For this reason the telecommunications regulator made its provisional findings available to the Dutch Data Protection Authority (CBP). This information is being incorporated into the CBP's own investigation into compliance with the Dutch Data Protection Act. The results of this investigation are expected to be published in the autumn of 2012. 


  • 20% of Dutch people lose their mobile phone or have it stolen at some point or other
  • 41% of people do not set a password on their mobile phone
  • 68% uses social network sites
  • Virtually all websites use cookies to monitor the behaviour of visitors
  • 5% of people are victims of identity fraud
  • 27,371 complaints about spam received by OPTA in 2011


“Many people consider privacy a non-issue, ‘if you have nothing to hide then you have nothing to fear’. But I fear the consequences of identity theft, and when you consider those you understand that you have quite a lot to hide.”

"Identity theft is a many-headed monster. Sometimes we don’t have to do anything wrong to become a victim. Sometimes companies gather our information, which is then leaked through a badly secured system, sometimes we don’t pay enough attention and sometimes it just happens. But the problems are real, current and becoming clearer.”

Brenno de Winter in: ‘You are also being hacked. To read how, click here’.