On May 7th 2025 the EU and Singapore signed the Digital Trade Agreement (DTA). Following the signing of the EU-Singapore Free Trade Agreement in 2019, and building on the EU-Singapore Digital Partnership and Digital Trade...more
On 4 October 2024, the Court of Justice of the European Union (CJEU) published its long-awaited judgement in case C-621/22 (KNLTB), which clarifies that purely commercial interests may not be categorically excluded from...more
Once again, a Dutch district court has recalled a decision of the Dutch Data Protection Authority (Dutch DPA) for its too strict interpretation that purely commercial interests cannot be legitimate interests under Article...more
On 1 May 2024, the Dutch Data Protection Authority (DPA) issued guidelines on data scraping used by private organisations in relation to GDPR principles including ‘lawfulness’. The guidelines could affect the way GenAI...more
Earlier this month, EU lawmakers met for the second trilogue meeting in the negotiations on the upcoming Cyber Resilience Act (“CRA”). The CRA aims to strengthen cybersecurity in Europe on an unprecedent scale – the European...more
AI technology is surging ahead of regulation and this gap has left companies in quandary. Privacy professionals are asked how can we plan for the lawful use of AI when the legal landscape for its adoption is unsettled....more
The European Commission recently proposed the EU Cyber Resilience Act, a regulation on cybersecurity requirements for products with digital elements. The proposal introduces wide-ranging technical and governance measures that...more
The Dutch Council of State Council has overturned the Dutch Data Protection Authority's decision to fine VoetbalTV. The Council of State unfortunately did not bring the legal certainty we were hoping for. It is still unclear...more
The European Commission (EC) has proactively reached out to the Dutch Data Protection Authority (DPA) to criticize its interpretation of legitimate interest under the GDPR. The criticism is in response to enforcement actions...more
The Dutch data protection authority (Autoriteit Persoonsgegevens or AP) has rejected the license application of a Dutch association of small and medium enterprises (VODIOM associations) to keep a blacklist of possible...more
A group of Dutch regulators announced the establishment of the Digital Regulation Collaboration Platform (Samenwerkingsplatform Digitale Toezichthouders, or Platform). The Dutch Data Protection Authority (Autoriteit...more
On 27 August 2021, the Swiss Federal Data Protection and Information Commissioner (FDPIC) formally recognised the new EU Standard Contractual Clauses (SCC) for international transfers from Switzerland to third countries if...more
The Dutch Supervisory Authority (Autoriteit Persoongsgevens or "AP") has published a privacy booklet that primarily aims to support Works Council in its role with regard to privacy under the GDPR. Whilst the booklet provides...more
The General Data Protection Regulation 2016/679 (GDPR) provides means to enforce provisions related to personal data processing by you as a data controller or data processor. It introduces collective actions everywhere in...more
The General Data Protection Regulation 2016/679 (GDPR) provides means to enforce provisions related to personal data processing by you as a data controller or data processor. It introduces collective actions everywhere in...more
11/22/2019
/ Burden of Proof ,
Class Action ,
Cybersecurity ,
Data Breach ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
European Commission ,
Evidence ,
Forum Shopping ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Litigation Strategies ,
Personal Data ,
Personally Identifiable Information ,
Private Right of Action ,
Risk Management ,
Russia
Whilst political uncertainty may have businesses’ attention fixed, the Hogan Lovells Global Survey on Digital Regulation: ‘A Turning Point for Tech’ suggests that tech companies should be looking elsewhere. During yesterday’s...more
10/31/2019
/ 5G Network ,
Big Tech ,
Business Model ,
Competition ,
Copyright ,
Corporate Taxes ,
Cybersecurity ,
Data Protection ,
Digital Platforms ,
Enforcement Programs ,
EU ,
Freedom of Expression ,
General Data Protection Regulation (GDPR) ,
Innovative Technology ,
Privacy Concerns ,
Regulatory Agenda ,
Regulatory Oversight ,
Regulatory Standards ,
United Arab Emirates (UAE)
In the wake of a recent announcement by a major Dutch bank that it would start providing its customers with personalized advertisements based on their spending patterns, the Dutch Data Protection Authority (DPA) has sent a...more
7/11/2019
/ Advertising ,
Consumer Financial Products ,
Customer Privacy ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Protection ,
Data Protection Authority ,
Direct Marketing ,
EU ,
Financial Services Industry ,
Financial Transactions ,
General Data Protection Regulation (GDPR) ,
Marketing Perspectives ,
Netherlands ,
Personal Data ,
Regulatory Standards
On 14 March 2019, the Dutch data protection authority (Autoriteit Persoonsgegevens, DPA) announced (in Dutch) its fining structure for violations of the European General Data Protection Regulation (GDPR) and the Dutch law...more
3/21/2019
/ Cybersecurity ,
Data Protection ,
EU ,
EU Data Protection Laws ,
Fines ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Netherlands ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Oversight ,
Regulatory Requirements ,
Risk Management
On 7 March 2019, the Dutch Data Protection Authority published guidance (in Dutch) that it considers “cookie walls” to violate the GDPR. A cookie wall is a pop-up on a website that blocks a user from access to the website...more
3/13/2019
/ Cookies ,
Cybersecurity ,
Data Protection ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
Failure to Comply ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Netherlands ,
Personal Data ,
Personally Identifiable Information ,
Websites
With the General Data Protection Regulation (GDPR) now in force, the focus on privacy and data protection throughout the European Union (EU) is stronger than ever before. With this new law comes new obligations for companies...more
7/2/2018
/ Cybersecurity ,
Data Breach ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Internal Investigations ,
International Data Transfers ,
Notification Requirements ,
Personal Data ,
Personally Identifiable Information ,
Risk Management