Exceptions to the information requirements
Article 41(1) UAVG allows controllers to disregard the data information requirements (Art. 13, 14 GDPR) to the extent necessary and proportionate to ensure the following:
- national and security;
- national defense;
- public safety;
- the prevention, investigation, detection and prosecution of criminal offenses or the enforcement of sanctions, including the protection and prevention of threats to public security;
- other important objectives of general interest of the European Union or of the Netherlands, in particular an important economic or financial interest of the European Union or of the Netherlands, including monetary, budgetary and fiscal matters, public health and social security;
- the protection of the independence of the court and legal proceedings;
- the prevention, investigation, detection and prosecution of breaches of professional rules for regulated professions;
- a task in the field of supervision, control or regulation which, although incidentally, involves the exercise of official authority;
- the protection of the data subject or the rights and freedoms of others;
- the collection of civil claims.
In deciding to disregard the above-mentioned obligations and rights, the controller shall take into account several factors listed in Article 41 (2) UAVG, such as: the purposes of the processing or categories of processing, the categories of personal data, the risks to the rights and freedoms of those involved, etc.