On 4 October 2024, the Court of Justice of the European Union (CJEU) published its long-awaited judgement in case C-621/22 (KNLTB), which clarifies that purely commercial interests may not be categorically excluded from...more
Once again, a Dutch district court has recalled a decision of the Dutch Data Protection Authority (Dutch DPA) for its too strict interpretation that purely commercial interests cannot be legitimate interests under Article...more
On 1 May 2024, the Dutch Data Protection Authority (DPA) issued guidelines on data scraping used by private organisations in relation to GDPR principles including ‘lawfulness’. The guidelines could affect the way GenAI...more
Earlier this month, EU lawmakers met for the second trilogue meeting in the negotiations on the upcoming Cyber Resilience Act (“CRA”). The CRA aims to strengthen cybersecurity in Europe on an unprecedent scale – the European...more
AI technology is surging ahead of regulation and this gap has left companies in quandary. Privacy professionals are asked how can we plan for the lawful use of AI when the legal landscape for its adoption is unsettled....more
The European Commission recently proposed the EU Cyber Resilience Act, a regulation on cybersecurity requirements for products with digital elements. The proposal introduces wide-ranging technical and governance measures that...more