Building a Cost-Effective Global Patent Portfolio Using the Netherlands
JONES DAY TALKS®: Private Antitrust Litigation in the Netherlands
On 15 April 2025, the Dutch Data Protection Authority (DPA) issued warnings to 50 organisations, including online retailers, media companies, and insurers, for deploying misleading cookie banners or unlawfully placing...more
Dutch data privacy officials recently imposed a staggering penalty on Uber – €290 million ($324 million) – for allegedly breaching the European Union’s comprehensive data privacy and security law. This groundbreaking fine is...more
Once again, a Dutch district court has recalled a decision of the Dutch Data Protection Authority (Dutch DPA) for its too strict interpretation that purely commercial interests cannot be legitimate interests under Article...more
On 26 August the Dutch Data Protection Authority (DPA) fined Uber EUR 290 million for a breach of the General Data Protection Regulation (GDPR). Following a number of complaints from French Uber drivers, the DPA found that...more
On May 2 2024, the Dutch data protection supervisory authority (the Dutch DPA) published guidance on the processing of personal data when using facial recognition....more
On 1 May 2024, the Dutch Data Protection Authority (DPA) issued guidelines on data scraping used by private organisations in relation to GDPR principles including ‘lawfulness’. The guidelines could affect the way GenAI...more
The Dutch Council of State Council has overturned the Dutch Data Protection Authority's decision to fine VoetbalTV. The Council of State unfortunately did not bring the legal certainty we were hoping for. It is still unclear...more
The entire privacy community waited anxiously for the outcome of the EUR 11 billion class action claim, launched in the summer of 2020 by The Privacy Collective (TPC) against several Oracle and Salesforce entities at the...more
A group of Dutch regulators announced the establishment of the Digital Regulation Collaboration Platform (Samenwerkingsplatform Digitale Toezichthouders, or Platform). The Dutch Data Protection Authority (Autoriteit...more
Employers that want to scan the QR code on their employees' CoronaCheck app would do well to draw up a policy that outlines the measures for providing a safe workplace....more
Welcome to the latest edition of Updata - the international update from Eversheds Sutherland’s dedicated Privacy and Cybersecurity team. Updata provides you with a compilation of privacy and cybersecurity regulatory and...more
The Dutch Supervisory Authority (Autoriteit Persoongsgevens or "AP") has published a privacy booklet that primarily aims to support Works Council in its role with regard to privacy under the GDPR. Whilst the booklet provides...more
We recently reported on the risks of scanning employees’ fingerprints. After the District Court of Amsterdam reprimanded a shoe store chain last summer for using fingerprint scans to access the tills, Dutch Department store...more
Q1/ Applicable legislation - (a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation? New legislation has been passed....more
The Dutch DPA has issued guidance on the use of “legitimate interest” as a legal basis for processing data under GDPR. Key takeaways on what constitutes “legitimate”: The interest needs to be pursuant to a written or...more
The Dutch Data Protection Authority has levied a fine of 460,000 euros on Haga Hospital for insufficient security following an investigation revealing that dozens of hospital staff had unnecessarily checked the medical...more
In the wake of a recent announcement by a major Dutch bank that it would start providing its customers with personalized advertisements based on their spending patterns, the Dutch Data Protection Authority (DPA) has sent a...more
How do you verify the identity of an individual requesting access to their data or that data be deleted? The Dutch Data Protection Authority, Autoriteitpersoonsgegevens, offers guidance which can be helpful and instructive...more
Much has happened since the European Union (EU) General Data Protection Regulation (GDPR) went into effect on May 25, 2018. Many EU countries have enacted national legislation to implement and expand the requirements of the...more
“The right to be forgotten does not apply in principle to medical records. However, as a patient, you may ask your health care provider to remove data from your medical record,” according to the Dutch Data Protection...more
The Dutch Data Protection Authority makes six recommendations on drafting your data protection policy, based on its audits of privacy policies of blood banks, IVF clinics and political parties. A good data protection policy...more
On 14 March 2019, the Dutch data protection authority (Autoriteit Persoonsgegevens, DPA) announced (in Dutch) its fining structure for violations of the European General Data Protection Regulation (GDPR) and the Dutch law...more
On 7 March 2019, the Dutch Data Protection Authority published guidance (in Dutch) that it considers “cookie walls” to violate the GDPR. A cookie wall is a pop-up on a website that blocks a user from access to the website...more
Cookies and trackers sat on a wall, cookies and trackers had a great fall… Dutch data protection authority, Autoreitpersoonsgegevens (AP), holds that the practice of a cookie banner that does not allow you to enter a...more
On the heels of the European Union's General Data Protection law, which went into effect in May 2018, California has enacted the California Consumer Privacy Act ("CCPA")—the result of an 11th-hour compromise between...more