Building a Cost-Effective Global Patent Portfolio Using the Netherlands
JONES DAY TALKS®: Private Antitrust Litigation in the Netherlands
On 15 April 2025, the Dutch Data Protection Authority (DPA) issued warnings to 50 organisations, including online retailers, media companies, and insurers, for deploying misleading cookie banners or unlawfully placing...more
EU countries will need to designate supervisory authorities (SAs) for the EU AI Act by August 2025. Contrary to GDPR, for example, a single country is allowed to appoint multiple AI SAs. Furthermore, an SA could be appointed...more
In a significant ruling (dated 9 September 2024), The Hague District Court (Court) has sided with Bunq B.V. (Bunq), dismissing part of the customer's GDPR access request. This decision highlights that a financial entity’s...more
Introduction - The subject of “legitimate interests” and in particular whether they can be “purely commercial” has been a topic of front and center stage debate in the Netherlands for some time. The Dutch data protection...more
Dutch data privacy officials recently imposed a staggering penalty on Uber – €290 million ($324 million) – for allegedly breaching the European Union’s comprehensive data privacy and security law. This groundbreaking fine is...more
Once again, a Dutch district court has recalled a decision of the Dutch Data Protection Authority (Dutch DPA) for its too strict interpretation that purely commercial interests cannot be legitimate interests under Article...more
On 26 August the Dutch Data Protection Authority (DPA) fined Uber EUR 290 million for a breach of the General Data Protection Regulation (GDPR). Following a number of complaints from French Uber drivers, the DPA found that...more
On May 2 2024, the Dutch data protection supervisory authority (the Dutch DPA) published guidance on the processing of personal data when using facial recognition....more
On 1 May 2024, the Dutch Data Protection Authority (DPA) issued guidelines on data scraping used by private organisations in relation to GDPR principles including ‘lawfulness’. The guidelines could affect the way GenAI...more
The Dutch Data Protection Authority (AP) has recently issued new guidance on data scraping. The guide highlights the significant legal risks it poses to personal data and the restrictions required under the GDPR....more
The Dutch Council of State Council has overturned the Dutch Data Protection Authority's decision to fine VoetbalTV. The Council of State unfortunately did not bring the legal certainty we were hoping for. It is still unclear...more
The entire privacy community waited anxiously for the outcome of the EUR 11 billion class action claim, launched in the summer of 2020 by The Privacy Collective (TPC) against several Oracle and Salesforce entities at the...more
A group of Dutch regulators announced the establishment of the Digital Regulation Collaboration Platform (Samenwerkingsplatform Digitale Toezichthouders, or Platform). The Dutch Data Protection Authority (Autoriteit...more
Employers that want to scan the QR code on their employees' CoronaCheck app would do well to draw up a policy that outlines the measures for providing a safe workplace....more
Welcome to the latest edition of Updata - the international update from Eversheds Sutherland’s dedicated Privacy and Cybersecurity team. Updata provides you with a compilation of privacy and cybersecurity regulatory and...more
The Dutch Supervisory Authority (Autoriteit Persoongsgevens or "AP") has published a privacy booklet that primarily aims to support Works Council in its role with regard to privacy under the GDPR. Whilst the booklet provides...more
On November 23, a Dutch lower administrative court annulled a EUR 575,000 fine imposed by the Dutch supervisory authority (Dutch SA) against VoetbalTV for relying on its legitimate interest for solely commercial purposes....more
A handful of tech’s biggest leaders—the CEOs of Facebook, Twitter, and Google, to be precise—descend upon the Hill today for a Senate Commerce Committee hearing on content monitoring and Section 230, the “slim and powerful...more
We recently reported on the risks of scanning employees’ fingerprints. After the District Court of Amsterdam reprimanded a shoe store chain last summer for using fingerprint scans to access the tills, Dutch Department store...more
At the end of 2019, Dutch department store chain HEMA announced it was going to stop using fingerprints for its time clocks and sales registers. HEMA had been planning to introduce this fast and reliable method of...more
Q1/ Applicable legislation - (a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation? New legislation has been passed....more
The Dutch DPA has issued guidance on the use of “legitimate interest” as a legal basis for processing data under GDPR. Key takeaways on what constitutes “legitimate”: The interest needs to be pursuant to a written or...more
Who is responsible for putting a GDPR Article 28 Data Processing Agreement in place? Dutch Data Protection Authority, Autoreitpersoonsgegevens, says: BOTH the data controller and the data processor....more
The Dutch Data Protection Authority has written to the Dutch Banking Association to state that processing customers' transaction data for direct marketing purposes may not be in compliance with the General Data Protection...more
The Dutch Data Protection Authority has levied a fine of 460,000 euros on Haga Hospital for insufficient security following an investigation revealing that dozens of hospital staff had unnecessarily checked the medical...more