your leading law firm for IT, privacy and digital transformation

Cybersecurity on a higher level? The NIS-2 directive

In the European security agenda, originating from 2015, cybersecurity was one of the major focus areas. Since then various legislations in the field of cybersecurity have been introduced as part of the EU-strategy to make Europe more digitally resilient. Various cybersecurity incidents and an evaluation of the cybersecurity legislation in place since 2015, have urged

Recap Turing Summer Drinks

Thursday, August 25, 2022 the time had finally come: the Turing Summer Drinks! To toast to the recent start of our office and celebrate the summer together, we gathered in the beautiful restaurant Pavlov next to the Nieuwe Kerk in The Hague. We were pleasantly surprised to see both old acquaintances and new faces. After

Recap seminar ‘duty of care and IT supplier’

On Thursday 14 July 2022, Tom de Wit and Esmée Fonville held a seminar in Eindhoven on the ‘duty of care of the IT supplier‘. The attendees all come into contact with (large) IT projects in practice, as customer, supplier or consultant. It is important for them to know what can be expected from an

Seminar “Duty of Care and IT Supplier”

In conflicts between IT suppliers and their customers, we increasingly notice that the special duty of care of the supplier is invoked. What is the impact of the duty of care on the interpretation of the agreement between parties? Does it bring unpredictable obligations for ICT suppliers? Is it a legitimate fallback option for inexperienced

Proposed guidelines for the imposition of fines

The European Data Protection Board (‘EDPB’), composed of representatives of the EU national data protection authorities has drafted new guidelines with respect to the calculation of fines in case of non-compliance of the General Data Protection Regulation (‘GDPR’). These Guidelines complement the previously adopted Guidelines on the application and setting of administrative fines dating from 2016, which focus on the circumstances in which to impose a fine. This post outlines the main elements of the proposed guidelines and sets out the differences with the current national guidelines.

As of 28 May 2022, the legislator sets strict requirements for online reviews

Consumers are increasingly searching for, comparing and purchasing products and services online. They more and more rely on reviews and recommendations from other consumers. However, these consumer reviews are not always reliable. For example, sometimes positive reviews remain online longer than negative reviews, or consumers even receive a form of reward in exchange for a

legal cloudsourcing strategy

Our 10 key lessons learned contracting model – customers may contract with a cloud service provider directly or indirectly via a cloud reseller / integrator, although in practice it is not always very clear which parties are contracting with each other for which type of services (cloud-, maintenance / support – or professional services) and

Turing Law: a new technology firm

As of April 1, 2022, lawyers Tom de Wit, Huub de Jong, Esmée Fonville, Marijn Rooke and Moo Miero will continue their practice under the new name Turing Law, supported by Morgan Remijnse as office manager. Turing Law is an independent boutique firm specializing in IT, data, privacy and digital transformation. Developments in these areas

data act: another building block for the eu data strategy

Data has become increasingly important to achieve the social and commercial goals of companies and other organisations. The European Commission expects the data economy in the EU to be worth €829 billion by 2025. In order to achieve effective data governance, every organisation will have to go through a number of steps. A good understanding of

annual update IT & IT outsourcing

In her State of the Union, the President of the European Commission called for additional efforts to shape the digital transformation, because “digital technology makes the difference between success and failure”. A related theme in the policy of the European Commission remains cyber security, which is reflected in the many initiatives in this area. In

look before you leap: avoid (too) strong dependence on your ICT supplier

Healthcare processes are rapidly digitising and the Corona pandemic has only accelerated this process. The use of ICT to support or improve care is now a must. Because ICT has become so important for the delivery of care, healthcare institutions have become increasingly dependent on their ICT suppliers. That dependence has also increased because healthcare

the e-Privacy Regulation: will it come after all?

Last year, we wrote that the e-Privacy Regulation was becoming a headache for the European Union and we wondered aloud whether the regulation would ever come into being. The latter now seems to be a step closer. The European Commission (‘EC’) published a revised text proposal on 5 January 2021 and not long afterwards, on

guidelines for outsourcing to providers of existing and new cloud services

From 1 January 2021, insurance and reinsurance undertakings (‘Undertakings’) are subject to Guidelines for outsourcing to cloud service providers (‘Providers’). The Guidelines have been issued by EIOPA (‘Guidelines’). EIOPA is the European Supervisory Authority for Occupational Pensions and Insurance, an independent body that advises the European Commission, the European Parliament and the Council of Europe.

action against online offers of counterfeit leaves much to be desired

React – an international organization that acts against counterfeit on behalf of more than 300 members including Adidas, Chanel, Secrid and Apple – criticized the fight against counterfeit by Bol.com in Het Financieele Dagblad earlier this month. Effective handling of reports about online offers of counterfeit products is crucial. Earlier this year we wrote about the

chronicle GDPR case law May 2018 – May 2020 in the Netherlands

Over the past two years, more than 300 judgments on the GDPR have been published on rechtspraak.nl. A number of rulings are interesting, others are predictable and in a number of cases the judge does not seem to apply the GDPR correctly. For anyone who may have missed a number of judgments, this chronicle lists

Privacy Shield invalid: what to do?

On 16 July 2020, the Court of Justice of the European Union (‘EUCJ’) ruled that the Privacy Shield does not comply with the General Data Protection Regulation (GDPR). This is important news for organizations that currently still base the transfer of personal data to organizations in the US on the Privacy Shield. Since this ruling,

software as security in bankruptcy

How specific must software be described in a deed of pledge in order to be able to offer a creditor security in the event of bankruptcy? This question was at stake in the judgement of the Dutch Supreme Court in the ING/Schepel-case of 3 April 2020 (ECLI:NL:HR:2020:590). Case facts CompLions is a software company. ING

the e-Privacy Regulation: situation in 2020

The e-Privacy Regulation (the ‘Regulation’) seems to have become a never ending story for the European Union. The Regulation aims to modernize the rules for traditional telecom companies and to extend the scope of application to new communication services such as Skype, Whatsapp and Facebook. The Regulation also gives conditions for placing cookies, direct marketing

online sales of alcohol further regulated

More and more products are being sold online. This also goes for alcoholic beverages. This is caused by the increasing digitalization of society, but also by the increased difficulty for minors to buy alcoholic beverages in supermarkets, shops, bars and restaurants. The government is trying to protect minors from alcohol consumption in two ways: discouraging

can you change or terminate an agreement with a supplier due to (the measures related to) COVID-19?

Many organisations are struggling with declining demand for their products or services because of (the measures against) the Corona virus. As a result, services and products from suppliers may become worthless. For example, because many organisations are closed down, projects are temporarily halted. Recruitment agreements for the recruitment of personnel, for example, becomes worthless as

corona virus and force majeure in commercial contracts and licenses

The Corona virus (COVID-19) is undoubtedly a circumstance that suppliers and customers have not been able to influence. But does Corona justify invoking ‘force majeure’? A few examples There are, of course, many different situations imaginable in which one of the contracting partners gets into trouble with the fulfilment of its contractual obligations. For example,

This site is registered on Toolset.com as a development site.