your leading law firm for IT, privacy and digital transformation

Seminar “Duty of Care and IT Supplier”

In conflicts between IT suppliers and their customers, we increasingly notice that the special duty of care of the supplier is invoked. What is the impact of the duty of care on the interpretation of the agreement between parties? Does it bring unpredictable obligations for ICT suppliers? Is it a legitimate fallback option for inexperienced

EU Data Act part II: unfair terms on access to and use of data between companies

The European Commission is building a European data economy. Within its Digital Single Market strategy, the European Commission is trying to stimulate data exchange within the EU through policy and regulation. In this context, on February 23, 2022, the European Commission presented its proposal for the EU Data Act (“Data Act”). The Data Act follows

Proposed guidelines for the imposition of fines

The European Data Protection Board (‘EDPB’), composed of representatives of the EU national data protection authorities has drafted new guidelines with respect to the calculation of fines in case of non-compliance of the General Data Protection Regulation (‘GDPR’). These Guidelines complement the previously adopted Guidelines on the application and setting of administrative fines dating from 2016, which focus on the circumstances in which to impose a fine. This post outlines the main elements of the proposed guidelines and sets out the differences with the current national guidelines.

As of 28 May 2022, the legislator sets strict requirements for online reviews

Consumers are increasingly searching for, comparing and purchasing products and services online. They more and more rely on reviews and recommendations from other consumers. However, these consumer reviews are not always reliable. For example, sometimes positive reviews remain online longer than negative reviews, or consumers even receive a form of reward in exchange for a

legal cloudsourcing strategy

Our 10 key lessons learned contracting model – customers may contract with a cloud service provider directly or indirectly via a cloud reseller / integrator, although in practice it is not always very clear which parties are contracting with each other for which type of services (cloud-, maintenance / support – or professional services) and

Turing Law: a new technology firm

As of April 1, 2022, lawyers Tom de Wit, Huub de Jong, Esmée Fonville, Marijn Rooke and Moo Miero will continue their practice under the new name Turing Law, supported by Morgan Remijnse as office manager. Turing Law is an independent boutique firm specializing in IT, data, privacy and digital transformation. Developments in these areas

Ask your questions to our specialists

data act: another building block for the eu data strategy

Data has become increasingly important to achieve the social and commercial goals of companies and other organisations. The European Commission expects the data economy in the EU to be worth €829 billion by 2025. In order to achieve effective data governance, every organisation will have to go through a number of steps. A good understanding of

annual update IT & IT outsourcing

In her State of the Union, the President of the European Commission called for additional efforts to shape the digital transformation, because “digital technology makes the difference between success and failure”. A related theme in the policy of the European Commission remains cyber security, which is reflected in the many initiatives in this area. In

annual update data privacy

The General Data Protection Regulation celebrated its third anniversary in 2021.  Privacy is a subject that is now on the agenda of most organisations. Moreover, the developments in this area of law are moving fast. The European and national legislators are not sitting still, and the same can be said of the supervisory authorities. Also,

look before you leap: avoid (too) strong dependence on your ICT supplier

Healthcare processes are rapidly digitising and the Corona pandemic has only accelerated this process. The use of ICT to support or improve care is now a must. Because ICT has become so important for the delivery of care, healthcare institutions have become increasingly dependent on their ICT suppliers. That dependence has also increased because healthcare

software as a medical device in light of the new MDR: 12 points of consideration for developers (part 2 of 3)

On May 26, 2021, the Medical Device Regulation (EU 2017/745), better known as the Medical Devices Regulation (“MDR“), became applicable. The MDR builds on the old rules on medical devices, but at the same time is much more than the result of polishing up those old rules. The MDR brings change. Especially for developers of medical software

personal data breach notification: an update

The General Data Protection Regulation (‘GDPR’) entered into force over three years ago. At the time, in our GDPR blog series, we explained the most important changes the GDPR would bring about for organisations, including changes relating to the personal data breach notification and the competence of the national supervisory authorities to impose fines. In

intellectual property rights after Brexit in a nutshell

On 24 December 2020, the negotiators of the European Union (‘EU’) and the United Kingdom (‘UK’) reached a Brexit deal containing the new rules that will apply between the EU and the UK from 1 January 2021. Although the European Parliament has yet to give its final approval to the Trade and Cooperation Agreement, the

the e-Privacy Regulation: will it come after all?

Last year, we wrote that the e-Privacy Regulation was becoming a headache for the European Union and we wondered aloud whether the regulation would ever come into being. The latter now seems to be a step closer. The European Commission (‘EC’) published a revised text proposal on 5 January 2021 and not long afterwards, on

the right to be forgotten of search results

The right to be forgotten was introduced in the Google/Costeja judgement of 13 May 2014. In response, Google created a request form for individuals to request the removal of specific search results that appear when their name is searched on in Google’s search engine. Since then, nearly one million removal requests have already been submitted

transfer of personal data after Brexit (part 2)

Earlier we wrote about the consequences for the transfer of personal data to (organisations in) the UK in the event of a no-deal-Brexit. It is now known that a deal has been concluded between the EU and the UK. Below we will explain what has been agreed on the transfer of personal data since 1

transfer of personal data after Brexit

The United Kingdom (‘UK’) left the European Union (‘EU’) on 31 January 2020. There is a transition period until 31 December 2020. Until then the UK will continue to comply with all EU laws and legislation. What will happen after this period is still not clear yet. Deal or no deal? It is however certain

Dutch District Court nullifies decision on administrative fine under the GDPR

On 23 November 2020 a Dutch District Court (‘Court’) nullified a decision of the Dutch Data Protection Authority to impose an administrative fine on a company called VoetbalTV. This is the first Dutch judgment on fines under the General Data Protection Regulation (‘GDPR’).  What happened? The now bankrupt VoetbalTV (in English: FootballTV) was an internet

guidelines for outsourcing to providers of existing and new cloud services

From 1 January 2021, insurance and reinsurance undertakings (‘Undertakings’) are subject to Guidelines for outsourcing to cloud service providers (‘Providers’). The Guidelines have been issued by EIOPA (‘Guidelines’). EIOPA is the European Supervisory Authority for Occupational Pensions and Insurance, an independent body that advises the European Commission, the European Parliament and the Council of Europe.

action against online offers of counterfeit leaves much to be desired

React – an international organization that acts against counterfeit on behalf of more than 300 members including Adidas, Chanel, Secrid and Apple – criticized the fight against counterfeit by Bol.com in Het Financieele Dagblad earlier this month. Effective handling of reports about online offers of counterfeit products is crucial. Earlier this year we wrote about the

use of corona rapid tests in an employment context (part 3)

Last weekend a Dutch newspaper reported that many companies are losing sleep over the lockdown and the lack of testing capacity. Not surprisingly more and more organisations are considering to take the testing of employees into their own hands. Especially the use of corona rapid tests is often mentioned. But is the use of those

Ask your questions to our specialists

This site is registered on Toolset.com as a development site.