On 15 April 2025, the Dutch Data Protection Authority (DPA) issued warnings to 50 organisations, including online retailers, media companies, and insurers, for deploying misleading cookie banners or unlawfully placing...more
Once again, a Dutch district court has recalled a decision of the Dutch Data Protection Authority (Dutch DPA) for its too strict interpretation that purely commercial interests cannot be legitimate interests under Article...more
On 1 May 2024, the Dutch Data Protection Authority (DPA) issued guidelines on data scraping used by private organisations in relation to GDPR principles including ‘lawfulness’. The guidelines could affect the way GenAI...more
The Dutch Council of State Council has overturned the Dutch Data Protection Authority's decision to fine VoetbalTV. The Council of State unfortunately did not bring the legal certainty we were hoping for. It is still unclear...more
The Dutch data protection authority (Autoriteit Persoonsgegevens or AP) has rejected the license application of a Dutch association of small and medium enterprises (VODIOM associations) to keep a blacklist of possible...more
A group of Dutch regulators announced the establishment of the Digital Regulation Collaboration Platform (Samenwerkingsplatform Digitale Toezichthouders, or Platform). The Dutch Data Protection Authority (Autoriteit...more
The Dutch Supervisory Authority (Autoriteit Persoongsgevens or "AP") has published a privacy booklet that primarily aims to support Works Council in its role with regard to privacy under the GDPR. Whilst the booklet provides...more
On November 23, a Dutch lower administrative court annulled a EUR 575,000 fine imposed by the Dutch supervisory authority (Dutch SA) against VoetbalTV for relying on its legitimate interest for solely commercial purposes....more
The Dutch Data Protection Authority (Dutch DPA) recently imposed a fine of EUR 525,000 on the Royal Dutch Tennis Association (KNLTB) for sharing the personal data of its members with two of its sponsors in June 2018 on the...more
In the wake of a recent announcement by a major Dutch bank that it would start providing its customers with personalized advertisements based on their spending patterns, the Dutch Data Protection Authority (DPA) has sent a...more
7/11/2019
/ Advertising ,
Consumer Financial Products ,
Customer Privacy ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Protection ,
Data Protection Authority ,
Direct Marketing ,
EU ,
Financial Services Industry ,
Financial Transactions ,
General Data Protection Regulation (GDPR) ,
Marketing Perspectives ,
Netherlands ,
Personal Data ,
Regulatory Standards
On 19 March 2019, the Dutch Senate approved legislation introducing collective damages actions in the Netherlands (the “Legislation”) which will broaden the regime even further. ...more
4/19/2019
/ Admissibility ,
Big Data ,
Class Action ,
Class Members ,
Collective Actions ,
Data Breach ,
EU ,
General Data Protection Regulation (GDPR) ,
Netherlands ,
Opt-Outs ,
Personal Data ,
Standing
On 14 March 2019, the Dutch data protection authority (Autoriteit Persoonsgegevens, DPA) announced (in Dutch) its fining structure for violations of the European General Data Protection Regulation (GDPR) and the Dutch law...more
3/21/2019
/ Cybersecurity ,
Data Protection ,
EU ,
EU Data Protection Laws ,
Fines ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Netherlands ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Oversight ,
Regulatory Requirements ,
Risk Management
On 7 March 2019, the Dutch Data Protection Authority published guidance (in Dutch) that it considers “cookie walls” to violate the GDPR. A cookie wall is a pop-up on a website that blocks a user from access to the website...more
3/13/2019
/ Cookies ,
Cybersecurity ,
Data Protection ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
Failure to Comply ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Netherlands ,
Personal Data ,
Personally Identifiable Information ,
Websites