Your leading law firm for IT, privacy and digital transformation
Contact us

DORA: ‘Technical Standards,’ new pieces of the puzzle

The Digital Operational Resilience Act (“DORA”) aims to harmonize rules related to digital resilience for the financial sector. DORA applies to 21 different types of financial entities. As of January 17, 2025, DORA is effective. Earlier we reported on DORA and the impact DORA will have on contracting with IT suppliers. The latter is part

What issues housing associations face under the GDPR

Housing corporations have a special position under the law. For example, the housing corporation’s task is to allocate rental housing appropriately and provide a certain level of living enjoyment to residents. In performing its duties, a housing corporation obtains and processes various personal data from its (potential) tenants. In many cases, there is a need

The AI regulation: from transparency obligations to banning AI with unacceptable risks

Chat GPT, Bard and Gemini, artificial intelligence (“AI”) is increasingly being used in contemporary life, but with new innovations also come new risks. For example, there is a lack of transparency about how AI output is created, but it is also the question whether privacy and the protection of personal data are adequately safeguarded. This

Annual Review IT 2023

In the Annual Review IT 2022, we saw many legislative initiatives from the European Union in the field of data and digitization. By 2023, many of these initiatives have been turned into final directives or regulations that will come into force in the coming years. In this annual review IT 2023, we give a view

Announcement of monthly ‘chef’s table’ meetings Turing Law

Starting Feb. 27, we will organize monthly professional consultations that you can join. During the meeting, one or more lawyers will talk about a particular topic. Read more below or register immediately via our website.  The chef’s table: meetings on various legal topics The chef’s table is also described as the heart of a restaurant.

Annual Review of Privacy 2023

In the year 2023, legislators, the judiciary and regulators were frequently busy in the field of privacy and data protection. Meanwhile, the AVG celebrated its fifth anniversary which provided a moment to look back and look forward. Or as AP Chairman Aleid Wolfsen described it: reason to celebrate and reflect. Wolfsen predicted a changing role

AVDR: Journal IT and Data October 31

On October 31, Esmee Fonville and Tom de Wit presented their second IT and Data journal. This time the topic was current IT case law. Esmee and Tom elaborated on several recent rulings on agile methodology, creditor default, IT vendor’s duty of care and IT procurement. In our next journal, we will take a closer

AVDR: Journal IT and DATA, August 29

On August 29, Esmee Fonville and Tom de Wit conducted the first journal ‘IT and data law journal’. Topic of this journal was “Duty of Care of the IT Supplier. After explaining the subject and the importance of the IT supplier’s duty of care, recent case law surrounding the duty of care was discussed. Using

Dutch Supreme court on GDPR civil enforcement of data subjects’ rights, repeating requests and the six-week deadline

In a recent judgment, the Dutch Supreme Court ruled (available in Dutch only) on a number of procedural aspects for the exercise of data subjects’ rights under the General Data Protection Regulation Act (“GDPR“) and the national implementation thereof. This regards the civil enforcement of data subjects’ rights, “repeated” requests and what effect is of

Turing Law provides growing technology practice with arrival of new partner

Turing Law welcomes Jeroen van Woezik as a new partner. Jeroen van Woezik is the founder of Lawrence Privacy (Due Diligence) & Tech. A firm that specializes in supporting tech M&A transactions. Huub de Jong “Jeroen has years of experience in project-based advising and supporting his clients with privacy and IT projects. With Jeroen’s arrival,

IT conflict escalated? IT mediation may be the solution

IT projects can be complex and although supplier and customer like to regard each other as partners, interests diverge. This can cause IT projects to come under pressure or actually derail as a result of differences of opinion about the scope, price and/or delivery date of the project. Mediation: when is it useful? If parties

Recap Turing Summer Drinks 2023

On Wednesday 16 August 2023, the now traditional Turing Summer Drinks took place. Whereas last year we celebrated the start of our office, this time we could proudly toast on the expansion of our team and the move to new premises. As in previous years, we met again yesterday at Pavlov restaurant in The Hague,

DORA: the implication for the IT-supplier, PART II

In PART I of our blog series, we outlined the framework of the Digital Operational Resilience Act (‘DORA’). In this second part of our blog series about DORA, we focus on the implications or impact DORA has for normal IT-suppliers. Normal opposes those IT-suppliers providing ‘critical’, ‘important’ or ‘systemic’ IT-services for which a stricter regime

Burden of proof in a claim of information breach

The burden of proof following the Facebook ruling On March 15, 2023, the District Court of Amsterdam issued a ruling in a class action against Facebook (ECLI:NL:RBAMS:2023:1407). This is an interesting ruling, because the court discusses in detail the application of the GDPR, such as the possible joint processing responsibility within the Facebook group and

DORA: the implication for ICT and cloud suppliers, PART I

In a previous blog we have informed you about the EIOPA guidelines, which contain guidelines for insurance companies for the outsourcing to providers of existing and new cloud services. However, these are only mere guidelines addressing very particular services for a limited type of entities in the financial sector, namely insurance companies. Already in 2019

How do judges rule on GDPR right to access requests? Copy or no copy?

The Court of Justice of the EU has clarified whether the right of access from Article 15(3) GDPR also gives a right to a copy of the documents in which the personal data are recorded. This is only the case if that copy is necessary for an understandable and verifiable right of access by the data subject.

Update on the use of cookies

The rules for being allowed to store and retrieve cookies are laid down in European and national laws and regulations. The rules specifically for cookies are based on the European ePrivacy Directive, which has been implemented in the Netherlands in the Dutch Telecommunications Act (art. 11.7a). The rules concerning the processing of personal data –

How should online search engine operators deal with requests for removal of links to (allegedly) inaccurate or fake third-party content?

Online search engine operators (‘search engines’) are often faced with individuals (applicants) requesting that an online negative publication or review about them no longer be indexed (linked) in the engine operator’s search results. In doing so, it is often argued that that negative publication or review would contain inaccurate or false information. For example, a