Online search engine operators (‘search engines’) are often faced with individuals (applicants) requesting that an online negative publication or review about them no longer be indexed (linked) in the engine operator’s search results. In doing so, it is often argued that that negative publication or review would contain inaccurate or false information. For example, a
Sharing knowledge with you: blogs, articles and more
Annual Review of Privacy 2022
2022 was a year in which the (European) legislator, judges and regulators made plenty of noise in the field of privacy law. Numerous legislative initiatives at both the European and national levels saw the light of day, and more than once did the Dutch Data Protection Authority advise the Dutch legislator to pay more attention
Annual review of IT 2022
The year 2022 shows a multitude of legislative and policy initiatives related to IT and data at the European and national levels. The European Commission took seriously its President’s 2021 call to shape digital transformation, especially in the areas of data, artificial intelligence and cybersecurity. At the national level, we also saw a lot happening
GDPR & international transfer: deadline December 27, 2022
Last year, on June 4, 2021, the European Commission published a new model contract (in English: “Standard Contractual Clauses” or abbreviated “SCCs”) for the transfer of personal data to countries outside the European Economic Area (“EEA“). The old model contracts were no longer to be used for new transfers of personal data as of September
ARBIT 2022 – IT supplier obligations further tightened
On 10 September 2022, the new Arbit (General Government Conditions of IT Procurement) terms and conditions came into force. These Arbit 2022 replace the earlier version from 2018. These terms and conditions are used by the central government, such as ministries, independent administrative bodies and regulators as well as other public authorities for the procurement
Seminar “Duty of Care and IT Supplier”
After giving a seminar on the IT supplier’s duty of care in Eindhoven this summer, we have decided to give the seminar again at our location in The Hague, of course supplemented with relevant new case law and insights. In conflicts between IT suppliers and their customers, we are increasingly finding in our own litigation
Eu data act part III: the data act and databases
The proposal for the EU Data Act (“Data Act“) has been on the table since 23 February 2022 and is part of the European Commission’s European data strategy. With its strategy, the European Commission aims to boost digitization and give both stakeholders and businesses new opportunities regarding data. The Data Act makes it easier for
Cybersecurity on a higher level? The NIS-2 directive
In the European security agenda, originating from 2015, cybersecurity was one of the major focus areas. Since then various legislations in the field of cybersecurity have been introduced as part of the EU-strategy to make Europe more digitally resilient. Various cybersecurity incidents and an evaluation of the cybersecurity legislation in place since 2015, have urged
Seminar “Duty of Care and IT Supplier”
In conflicts between IT suppliers and their customers, we increasingly notice that the special duty of care of the supplier is invoked. What is the impact of the duty of care on the interpretation of the agreement between parties? Does it bring unpredictable obligations for ICT suppliers? Is it a legitimate fallback option for inexperienced
EU Data Act part II: unfair terms on access to and use of data between companies
The European Commission is building a European data economy. Within its Digital Single Market strategy, the European Commission is trying to stimulate data exchange within the EU through policy and regulation. In this context, on February 23, 2022, the European Commission presented its proposal for the EU Data Act (“Data Act”). The Data Act follows
Proposed guidelines for the imposition of fines
The European Data Protection Board (‘EDPB’), composed of representatives of the EU national data protection authorities has drafted new guidelines with respect to the calculation of fines in case of non-compliance of the General Data Protection Regulation (‘GDPR’). These Guidelines complement the previously adopted Guidelines on the application and setting of administrative fines dating from 2016, which focus on the circumstances in which to impose a fine. This post outlines the main elements of the proposed guidelines and sets out the differences with the current national guidelines.
As of 28 May 2022, the legislator sets strict requirements for online reviews
Consumers are increasingly searching for, comparing and purchasing products and services online. They more and more rely on reviews and recommendations from other consumers. However, these consumer reviews are not always reliable. For example, sometimes positive reviews remain online longer than negative reviews, or consumers even receive a form of reward in exchange for a
legal cloudsourcing strategy
Our 10 key lessons learned contracting model – customers may contract with a cloud service provider directly or indirectly via a cloud reseller / integrator, although in practice it is not always very clear which parties are contracting with each other for which type of services (cloud-, maintenance / support – or professional services) and
Turing Law: a new technology firm
As of April 1, 2022, lawyers Tom de Wit, Huub de Jong, Esmée Fonville, Marijn Rooke and Moo Miero will continue their practice under the new name Turing Law, supported by Morgan Remijnse as office manager. Turing Law is an independent boutique firm specializing in IT, data, privacy and digital transformation. Developments in these areas
data act: another building block for the eu data strategy
Data has become increasingly important to achieve the social and commercial goals of companies and other organisations. The European Commission expects the data economy in the EU to be worth €829 billion by 2025. In order to achieve effective data governance, every organisation will have to go through a number of steps. A good understanding of
annual update IT & IT outsourcing
In her State of the Union, the President of the European Commission called for additional efforts to shape the digital transformation, because “digital technology makes the difference between success and failure”. A related theme in the policy of the European Commission remains cyber security, which is reflected in the many initiatives in this area. In
annual update data privacy
The General Data Protection Regulation celebrated its third anniversary in 2021. Privacy is a subject that is now on the agenda of most organisations. Moreover, the developments in this area of law are moving fast. The European and national legislators are not sitting still, and the same can be said of the supervisory authorities. Also,
software as a medical device in light of the new MDR: 12 points of consideration for developers (part 3 of 3)
On May 26, 2021, the Medical Devices Regulation (EU 2017/745), better known as the Medical Devices Regulation (“MDR“), became applicable. The MDR builds on the old rules on medical devices, but at the same time is much more than the result of polishing up those old rules. The MDR brings change. Especially for developers of
look before you leap: avoid (too) strong dependence on your ICT supplier
Healthcare processes are rapidly digitising and the Corona pandemic has only accelerated this process. The use of ICT to support or improve care is now a must. Because ICT has become so important for the delivery of care, healthcare institutions have become increasingly dependent on their ICT suppliers. That dependence has also increased because healthcare
software as a medical device in light of the new MDR: 12 points of consideration for developers (part 2 of 3)
On May 26, 2021, the Medical Device Regulation (EU 2017/745), better known as the Medical Devices Regulation (“MDR“), became applicable. The MDR builds on the old rules on medical devices, but at the same time is much more than the result of polishing up those old rules. The MDR brings change. Especially for developers of medical software
new EU Standard Contractual Clauses for transfers of personal data to third countries
On 4 June 2021, the European Commission published a new model contract for the transfer of personal data to countries outside the European Economic Area (EEA). This article discusses the consequences of this for daily practice. In a nutshell The new model contract can be used for the concerned international transfers as from 27 June
personal data breach notification: an update
The General Data Protection Regulation (‘GDPR’) entered into force over three years ago. At the time, in our GDPR blog series, we explained the most important changes the GDPR would bring about for organisations, including changes relating to the personal data breach notification and the competence of the national supervisory authorities to impose fines. In
software as a medical device in light of the new MDR: 12 points of consideration for developers (part 1 of 3).
On May 26, 2021, the time had finally come. More than four years after its adoption, the Medical Devices Regulation (EU 2017/745) (“MDR“) became applicable. The fact that it took so long for the MDR to become applicable was in part due to the corona crisis. As a result, it was decided to delay the
intellectual property rights after Brexit in a nutshell
On 24 December 2020, the negotiators of the European Union (‘EU’) and the United Kingdom (‘UK’) reached a Brexit deal containing the new rules that will apply between the EU and the UK from 1 January 2021. Although the European Parliament has yet to give its final approval to the Trade and Cooperation Agreement, the
