Blog details

Dutch DPA Calls for Stronger Business Oversight of Algorithms and AI Use

Dutch DPA Calls for Stronger Business Oversight of Algorithms and AI Use

The Dutch Data Protection Authority identifies significant gaps in business awareness and control over algorithmic personal data processing.

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, or AP) has identified a significant gap in the Dutch business community’s preparedness for dealing with algorithms and AI systems that process personal data. According to a survey of 1,600 companies, many businesses are not fully aware of whether they are using algorithms to process personal data, and when they do, they often lack clarity about the type of algorithms involved. This widespread uncertainty signals the urgent need for greater business awareness and more robust internal governance over the deployment of automated systems.

The risks associated with algorithmic and AI use require better understanding and management by companies.

The AP’s findings highlight that while algorithms and AI are transforming business operations and customer engagement, they also introduce substantial risks under the GDPR. Many companies acknowledge that they lack sufficient understanding of the legal requirements and the risks associated with algorithmic processing, particularly when purchasing third-party software solutions. This lack of knowledge and dependence on external vendors significantly limits companies’ control over compliance and increases the likelihood of unintended adverse impacts on individuals’ rights.

The AP launches practical initiatives to support companies in managing algorithmic decision-making responsibly.

In response to these concerns, the AP announced a series of practical initiatives aimed at supporting businesses in their use of algorithms and AI. The AP will regularly publish practical tools, develop a checklist to help companies respect individuals’ rights, and continue consultations on safeguarding meaningful human intervention in algorithmic decision-making. These initiatives are designed to build companies’ capacity to understand and manage algorithmic systems responsibly.

Earlier consultations on meaningful human intervention highlighted the need for practical, actionable tools.

The AP’s announcement builds on earlier consultations, such as the consultation launched in March 2025 on meaningful human intervention in algorithmic decision-making. Recognizing that organizations often face difficulties designing effective human oversight mechanisms, the AP sought input from companies, experts, and stakeholders to ensure that their forthcoming tools would align with practical realities. The consultation emphasized that human intervention must be more than symbolic; it must be meaningful, carefully structured, and properly supported to prevent unfair or discriminatory outcomes resulting from automated decisions.

The AP collects insights from stakeholders to refine its guidance on human oversight in algorithmic systems.

Through the March 2025 consultation, the AP gathered examples and developed guiding questions related to human, technological, design, and procedural factors essential for effective human intervention. The feedback process invited organisations to share best practices and bottlenecks, with the AP committing to refine its guidance based on real-world experiences. This consultation process reflects the AP’s broader commitment to grounding its supervisory tools in practical, actionable advice tailored to the realities businesses face when implementing algorithmic decision-making systems.

The AP highlights the strategic importance of raising business awareness and providing practical support.

Monique Verdier, Vice-Chair of the AP, emphasized the strategic importance of raising awareness and providing guidance, stating that businesses need both knowledge and practical support to make informed, ethical, and legally compliant decisions. Verdier also highlighted the strong demand for more knowledge within the business community and confirmed that the AP would work closely with companies to meet this demand. This collaborative approach is intended to empower businesses to implement stronger governance over algorithmic processes and uphold individuals’ rights.

The AP will continue promoting responsible algorithm governance through engagement and supplier responsibility guidance.

Looking ahead, the AP will continue engaging with companies to gather best practices for organising the use of algorithms that process personal data and to clarify the responsibilities of suppliers. Companies are encouraged to critically assess the purpose and risks of algorithms at the procurement stage to avoid adverse consequences for customers and to foster responsible innovation. By providing this support, the AP aims to help businesses align technological adoption with both legal requirements and ethical standards.

Building AI literacy will be essential for compliance with the forthcoming AI Regulation.

These efforts by the AP are especially timely in light of the forthcoming obligations under the EU’s AI Regulation, which will require organizations to ensure that all individuals working with AI systems possess not only technical competence but also a deep understanding of social, ethical, and legal implications. To support this broader goal, the AP has also recently published “Getting Started with AI Literacy,” a practical resource designed to help organizations build the necessary capabilities for responsible AI governance and compliance.

The AP’s initiatives represent a proactive approach to preparing businesses for responsible AI and algorithm use.

In conclusion, the AP’s initiatives mark a proactive step toward strengthening corporate governance of algorithmic and AI technologies within the Netherlands. As automated systems become increasingly central to business operations, early investment in AI literacy, ethical oversight, and GDPR compliance will be critical for protecting individuals’ rights and maintaining public trust.

Discover how Aphaia can help ensure compliance of your data protection and AI strategy. We offer full GDPR and UK GDPR outsourced DPO services, which can be complemented by our US State Privacy Bundle. We specialise in empowering organisations like yours with cutting-edge solutions designed to not only meet but exceed the demands of today’s data landscape. Contact Aphaia today.

Prev post
Directrices del CEPD sobre blockchain y cumplimiento con el RGPD: consideraciones clave para responsables del tratamiento
abril 24, 2025