Your leading law firm for IT, privacy and digital transformation

transfer of personal data after Brexit

The United Kingdom (‘UK’) left the European Union (‘EU’) on 31 January 2020. There is a transition period until 31 December 2020. Until then the UK will continue to comply with all EU laws and legislation. What will happen after this period is still not clear yet. Deal or no deal? It is however certain

Dutch District Court nullifies decision on administrative fine under the GDPR

On 23 November 2020 a Dutch District Court (‘Court’) nullified a decision of the Dutch Data Protection Authority to impose an administrative fine on a company called VoetbalTV. This is the first Dutch judgment on fines under the General Data Protection Regulation (‘GDPR’).  What happened? The now bankrupt VoetbalTV (in English: FootballTV) was an internet

action against online offers of counterfeit leaves much to be desired

React – an international organization that acts against counterfeit on behalf of more than 300 members including Adidas, Chanel, Secrid and Apple – criticized the fight against counterfeit by in Het Financieele Dagblad earlier this month. Effective handling of reports about online offers of counterfeit products is crucial. Earlier this year we wrote about the

use of corona rapid tests in an employment context (part 3)

Last weekend a Dutch newspaper reported that many companies are losing sleep over the lockdown and the lack of testing capacity. Not surprisingly more and more organisations are considering to take the testing of employees into their own hands. Especially the use of corona rapid tests is often mentioned. But is the use of those

use of corona rapid tests in an employment context (part 2)

Earlier we wrote about the use of corona rapid tests in an employment context. Due to a lack of testing capacity, people sometimes have to stay at home for several days at a time. As a result, organisations are struggling with a lack of employees in the workplace. This has particularly serious consequences for sectors

use of corona rapid tests in an employment context (part 1)

Testing. Testing. Testing. This is the current motto of the Dutch government. Even in case of mild complaints. Unfortunately, there appears to be a great lack of testing capacity at the moment. As a result, people have to stay at home for several days at a time. As a result, organisations are struggling with a

chronicle GDPR case law May 2018 – May 2020 in the Netherlands

Over the past two years, more than 300 judgments on the GDPR have been published on A number of rulings are interesting, others are predictable and in a number of cases the judge does not seem to apply the GDPR correctly. For anyone who may have missed a number of judgments, this chronicle lists

Privacy Shield invalid: what to do?

On 16 July 2020, the Court of Justice of the European Union (‘EUCJ’) ruled that the Privacy Shield does not comply with the General Data Protection Regulation (GDPR). This is important news for organizations that currently still base the transfer of personal data to organizations in the US on the Privacy Shield. Since this ruling,

software as security in bankruptcy

How specific must software be described in a deed of pledge in order to be able to offer a creditor security in the event of bankruptcy? This question was at stake in the judgement of the Dutch Supreme Court in the ING/Schepel-case of 3 April 2020 (ECLI:NL:HR:2020:590). Case facts CompLions is a software company. ING

the e-Privacy Regulation: situation in 2020

The e-Privacy Regulation (the ‘Regulation’) seems to have become a never ending story for the European Union. The Regulation aims to modernize the rules for traditional telecom companies and to extend the scope of application to new communication services such as Skype, Whatsapp and Facebook. The Regulation also gives conditions for placing cookies, direct marketing

Dutch Data Protection Authority imposes hefty fine on Tennis Union

The Dutch Data Protection Authority (‘DPA’) imposed an administrative fine of € 525,000 on the Dutch Tennis Union for selling the personal data of its members to two sponsors. These sponsors approached part of these members with (tennis related) offers. Below we will discuss several interesting points from the DPA’s decision. (Co-)controllership The Tennis Union

new European rules to protect businesses against Online platforms

Nowadays, companies offer their goods and services en masse over the internet. So-called ‘online intermediation services’ (hereinafter: ‘Online platforms’) such as and have responded by facilitating this step for smaller providers. Currently, more than one million companies in the EU reach their customers through Online platforms. Online platforms have thus become crucial to

pre-checked box is not legally valid consent for cookies

In the so-called Planet49-judgment (C-673/17) the Court of Justice of the EU (hereafter: ‘the Court’) recently ruled on the way in which consent for the storage of tracking cookies must be granted by a website visitor. Below you will find a desciption of the most important points from this judgment and is discussed what this

geoblocking: allowed?

On 3rd December 2018, the Geoblocking Regulation entered into force. The purpose of the Geoblocking Regulation is to reduce unjustified geoblocking within the EU. After all, blocking online access to goods or services can lead to an obstruction of the (digital) internal market within the EU. What is geoblocking? Geoblocking occurs when a trader from

are housing corporations allowed to register and share blacklists?

Organisations in different professions use blacklists to warn each other about people who are causing nuisance. This also applies to housing corporations. But is that always allowed? Is the privacy of the people on such lists not infringed? What is a blacklist? Housing corporations can benefit from refusing former tenants who have shown criminal, unlawful