On 15 April 2025, the Dutch Data Protection Authority (DPA) issued warnings to 50 organisations, including online retailers, media companies, and insurers, for deploying misleading cookie banners or unlawfully placing...more
Once again, a Dutch district court has recalled a decision of the Dutch Data Protection Authority (Dutch DPA) for its too strict interpretation that purely commercial interests cannot be legitimate interests under Article...more
On 1 May 2024, the Dutch Data Protection Authority (DPA) issued guidelines on data scraping used by private organisations in relation to GDPR principles including ‘lawfulness’. The guidelines could affect the way GenAI...more
AI technology is surging ahead of regulation and this gap has left companies in quandary. Privacy professionals are asked how can we plan for the lawful use of AI when the legal landscape for its adoption is unsettled....more
The Dutch Council of State Council has overturned the Dutch Data Protection Authority's decision to fine VoetbalTV. The Council of State unfortunately did not bring the legal certainty we were hoping for. It is still unclear...more
The European Commission (EC) has proactively reached out to the Dutch Data Protection Authority (DPA) to criticize its interpretation of legitimate interest under the GDPR. The criticism is in response to enforcement actions...more
A group of Dutch regulators announced the establishment of the Digital Regulation Collaboration Platform (Samenwerkingsplatform Digitale Toezichthouders, or Platform). The Dutch Data Protection Authority (Autoriteit...more
On 27 August 2021, the Swiss Federal Data Protection and Information Commissioner (FDPIC) formally recognised the new EU Standard Contractual Clauses (SCC) for international transfers from Switzerland to third countries if...more
The Dutch Supervisory Authority (Autoriteit Persoongsgevens or "AP") has published a privacy booklet that primarily aims to support Works Council in its role with regard to privacy under the GDPR. Whilst the booklet provides...more
The General Data Protection Regulation 2016/679 (GDPR) provides means to enforce provisions related to personal data processing by you as a data controller or data processor. It introduces collective actions everywhere in...more
On November 23, a Dutch lower administrative court annulled a EUR 575,000 fine imposed by the Dutch supervisory authority (Dutch SA) against VoetbalTV for relying on its legitimate interest for solely commercial purposes....more
The Dutch Data Protection Authority (DPA) issued a EUR 830,000 (approximately USD 937,000) fine against the Dutch Credit Registration Bureau (BKR) for violating data subject rights. The fine stems from BKR’s practice of...more
The General Data Protection Regulation 2016/679 (GDPR) provides means to enforce provisions related to personal data processing by you as a data controller or data processor. It introduces collective actions everywhere in...more
11/22/2019
/ Burden of Proof ,
Class Action ,
Cybersecurity ,
Data Breach ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
European Commission ,
Evidence ,
Forum Shopping ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Litigation Strategies ,
Personal Data ,
Personally Identifiable Information ,
Private Right of Action ,
Risk Management ,
Russia
Whilst political uncertainty may have businesses’ attention fixed, the Hogan Lovells Global Survey on Digital Regulation: ‘A Turning Point for Tech’ suggests that tech companies should be looking elsewhere. During yesterday’s...more
10/31/2019
/ 5G Network ,
Big Tech ,
Business Model ,
Competition ,
Copyright ,
Corporate Taxes ,
Cybersecurity ,
Data Protection ,
Digital Platforms ,
Enforcement Programs ,
EU ,
Freedom of Expression ,
General Data Protection Regulation (GDPR) ,
Innovative Technology ,
Privacy Concerns ,
Regulatory Agenda ,
Regulatory Oversight ,
Regulatory Standards ,
United Arab Emirates (UAE)
In the wake of a recent announcement by a major Dutch bank that it would start providing its customers with personalized advertisements based on their spending patterns, the Dutch Data Protection Authority (DPA) has sent a...more
7/11/2019
/ Advertising ,
Consumer Financial Products ,
Customer Privacy ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Protection ,
Data Protection Authority ,
Direct Marketing ,
EU ,
Financial Services Industry ,
Financial Transactions ,
General Data Protection Regulation (GDPR) ,
Marketing Perspectives ,
Netherlands ,
Personal Data ,
Regulatory Standards
On 19 March 2019, the Dutch Senate approved legislation introducing collective damages actions in the Netherlands (the “Legislation”) which will broaden the regime even further. ...more
4/19/2019
/ Admissibility ,
Big Data ,
Class Action ,
Class Members ,
Collective Actions ,
Data Breach ,
EU ,
General Data Protection Regulation (GDPR) ,
Netherlands ,
Opt-Outs ,
Personal Data ,
Standing
On 14 March 2019, the Dutch data protection authority (Autoriteit Persoonsgegevens, DPA) announced (in Dutch) its fining structure for violations of the European General Data Protection Regulation (GDPR) and the Dutch law...more
3/21/2019
/ Cybersecurity ,
Data Protection ,
EU ,
EU Data Protection Laws ,
Fines ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Netherlands ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Oversight ,
Regulatory Requirements ,
Risk Management
On 7 March 2019, the Dutch Data Protection Authority published guidance (in Dutch) that it considers “cookie walls” to violate the GDPR. A cookie wall is a pop-up on a website that blocks a user from access to the website...more
3/13/2019
/ Cookies ,
Cybersecurity ,
Data Protection ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
Failure to Comply ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Netherlands ,
Personal Data ,
Personally Identifiable Information ,
Websites
With the General Data Protection Regulation (GDPR) now in force, the focus on privacy and data protection throughout the European Union (EU) is stronger than ever before. With this new law comes new obligations for companies...more
7/2/2018
/ Cybersecurity ,
Data Breach ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Internal Investigations ,
International Data Transfers ,
Notification Requirements ,
Personal Data ,
Personally Identifiable Information ,
Risk Management