On May 26, 2021, the time had finally come. More than four years after its adoption, the Medical Devices Regulation (EU 2017/745) (“MDR“) became applicable. The fact that it took so long for the MDR to become applicable was in part due to the corona crisis. As a result, it was decided to delay the
intellectual property rights after Brexit in a nutshell
On 24 December 2020, the negotiators of the European Union (‘EU’) and the United Kingdom (‘UK’) reached a Brexit deal containing the new rules that will apply between the EU and the UK from 1 January 2021. Although the European Parliament has yet to give its final approval to the Trade and Cooperation Agreement, the
the e-Privacy Regulation: will it come after all?
Last year, we wrote that the e-Privacy Regulation was becoming a headache for the European Union and we wondered aloud whether the regulation would ever come into being. The latter now seems to be a step closer. The European Commission (‘EC’) published a revised text proposal on 5 January 2021 and not long afterwards, on
the right to be forgotten of search results
The right to be forgotten was introduced in the Google/Costeja judgement of 13 May 2014. In response, Google created a request form for individuals to request the removal of specific search results that appear when their name is searched on in Google’s search engine. Since then, nearly one million removal requests have already been submitted
transfer of personal data after Brexit (part 2)
Earlier we wrote about the consequences for the transfer of personal data to (organisations in) the UK in the event of a no-deal-Brexit. It is now known that a deal has been concluded between the EU and the UK. Below we will explain what has been agreed on the transfer of personal data since 1
transfer of personal data after Brexit
The United Kingdom (‘UK’) left the European Union (‘EU’) on 31 January 2020. There is a transition period until 31 December 2020. Until then the UK will continue to comply with all EU laws and legislation. What will happen after this period is still not clear yet. Deal or no deal? It is however certain
Dutch District Court nullifies decision on administrative fine under the GDPR
On 23 November 2020 a Dutch District Court (‘Court’) nullified a decision of the Dutch Data Protection Authority to impose an administrative fine on a company called VoetbalTV. This is the first Dutch judgment on fines under the General Data Protection Regulation (‘GDPR’). What happened? The now bankrupt VoetbalTV (in English: FootballTV) was an internet
action against online offers of counterfeit leaves much to be desired
React – an international organization that acts against counterfeit on behalf of more than 300 members including Adidas, Chanel, Secrid and Apple – criticized the fight against counterfeit by Bol.com in Het Financieele Dagblad earlier this month. Effective handling of reports about online offers of counterfeit products is crucial. Earlier this year we wrote about the
use of corona rapid tests in an employment context (part 3)
Last weekend a Dutch newspaper reported that many companies are losing sleep over the lockdown and the lack of testing capacity. Not surprisingly more and more organisations are considering to take the testing of employees into their own hands. Especially the use of corona rapid tests is often mentioned. But is the use of those
use of corona rapid tests in an employment context (part 2)
Earlier we wrote about the use of corona rapid tests in an employment context. Due to a lack of testing capacity, people sometimes have to stay at home for several days at a time. As a result, organisations are struggling with a lack of employees in the workplace. This has particularly serious consequences for sectors
use of corona rapid tests in an employment context (part 1)
Testing. Testing. Testing. This is the current motto of the Dutch government. Even in case of mild complaints. Unfortunately, there appears to be a great lack of testing capacity at the moment. As a result, people have to stay at home for several days at a time. As a result, organisations are struggling with a
chronicle GDPR case law May 2018 – May 2020 in the Netherlands
Over the past two years, more than 300 judgments on the GDPR have been published on rechtspraak.nl. A number of rulings are interesting, others are predictable and in a number of cases the judge does not seem to apply the GDPR correctly. For anyone who may have missed a number of judgments, this chronicle lists
Privacy Shield invalid: what to do?
On 16 July 2020, the Court of Justice of the European Union (‘EUCJ’) ruled that the Privacy Shield does not comply with the General Data Protection Regulation (GDPR). This is important news for organizations that currently still base the transfer of personal data to organizations in the US on the Privacy Shield. Since this ruling,
software as security in bankruptcy
How specific must software be described in a deed of pledge in order to be able to offer a creditor security in the event of bankruptcy? This question was at stake in the judgement of the Dutch Supreme Court in the ING/Schepel-case of 3 April 2020 (ECLI:NL:HR:2020:590). Case facts CompLions is a software company. ING
the e-Privacy Regulation: situation in 2020
The e-Privacy Regulation (the ‘Regulation’) seems to have become a never ending story for the European Union. The Regulation aims to modernize the rules for traditional telecom companies and to extend the scope of application to new communication services such as Skype, Whatsapp and Facebook. The Regulation also gives conditions for placing cookies, direct marketing
Dutch Data Protection Authority imposes hefty fine on Tennis Union
The Dutch Data Protection Authority (‘DPA’) imposed an administrative fine of € 525,000 on the Dutch Tennis Union for selling the personal data of its members to two sponsors. These sponsors approached part of these members with (tennis related) offers. Below we will discuss several interesting points from the DPA’s decision. (Co-)controllership The Tennis Union
new European rules to protect businesses against Online platforms
Nowadays, companies offer their goods and services en masse over the internet. So-called ‘online intermediation services’ (hereinafter: ‘Online platforms’) such as Booking.com and Bol.com have responded by facilitating this step for smaller providers. Currently, more than one million companies in the EU reach their customers through Online platforms. Online platforms have thus become crucial to
pre-checked box is not legally valid consent for cookies
In the so-called Planet49-judgment (C-673/17) the Court of Justice of the EU (hereafter: ‘the Court’) recently ruled on the way in which consent for the storage of tracking cookies must be granted by a website visitor. Below you will find a desciption of the most important points from this judgment and is discussed what this
geoblocking: allowed?
On 3rd December 2018, the Geoblocking Regulation entered into force. The purpose of the Geoblocking Regulation is to reduce unjustified geoblocking within the EU. After all, blocking online access to goods or services can lead to an obstruction of the (digital) internal market within the EU. What is geoblocking? Geoblocking occurs when a trader from
are housing corporations allowed to register and share blacklists?
Organisations in different professions use blacklists to warn each other about people who are causing nuisance. This also applies to housing corporations. But is that always allowed? Is the privacy of the people on such lists not infringed? What is a blacklist? Housing corporations can benefit from refusing former tenants who have shown criminal, unlawful