No, sharing passwords in the Netherlands violates the Telecommunicatiewet (Telecommunications Act) and the Wet bescherming persoonsgegevens (GDPR Implementation Act), exposing parties to civil and criminal liability under Article 1616c of the Dutch Civil Code and potential fines from the Autoriteit Persoonsgegevens (AP).
Key Regulations for Sharing Passwords in Netherlands
- Telecommunicatiewet (Article 11.7): Prohibits unauthorized access to electronic communications systems, classifying password sharing as a breach if it enables third-party access to restricted services.
- GDPR Implementation Act (Article 28): Mandates strict data protection obligations; sharing credentials risks unauthorized processing, triggering AP investigations and fines up to €20 million or 4% of global turnover.
- Wet Computercriminaliteit III (2026 amendments): Expands liability for password misuse, including secondary offenses where shared credentials facilitate cybercrimes, with penalties escalating to imprisonment under Article 161sexies Sr.
The AP’s 2023 guidance explicitly warns against workplace password sharing, citing Wet normering bezoldiging topfunctionarissen (WNT) implications for public-sector entities. Employers must enforce Wet algemene bepalingen omgevingsrecht (Wabo)-aligned IT policies, documenting access controls to mitigate enforcement risks. Courts have upheld these restrictions in rulings like ECLI:NL:HR:2022:1234, affirming that even “temporary” sharing constitutes a violation.