What issues housing associations face under the GDPR

Housing corporations have a special position under the law. For example, the housing corporation’s task is to allocate rental housing appropriately and provide a certain level of living enjoyment to residents. In performing its duties, a housing corporation obtains and processes various personal data from its (potential) tenants. In many cases, there is a need

Burden of proof in a claim of information breach

The burden of proof following the Facebook ruling On March 15, 2023, the District Court of Amsterdam issued a ruling in a class action against Facebook (ECLI:NL:RBAMS:2023:1407). This is an interesting ruling, because the court discusses in detail the application of the GDPR, such as the possible joint processing responsibility within the Facebook group and

How do judges rule on GDPR right to access requests? Copy or no copy?

The Court of Justice of the EU has clarified whether the right of access from Article 15(3) GDPR also gives a right to a copy of the documents in which the personal data are recorded. This is only the case if that copy is necessary for an understandable and verifiable right of access by the data subject.

Update on the use of cookies

The rules for being allowed to store and retrieve cookies are laid down in European and national laws and regulations. The rules specifically for cookies are based on the European ePrivacy Directive, which has been implemented in the Netherlands in the Dutch Telecommunications Act (art. 11.7a). The rules concerning the processing of personal data –

Annual Review of Privacy 2022

2022 was a year in which the (European) legislator, judges and regulators made plenty of noise in the field of privacy law. Numerous legislative initiatives at both the European and national levels saw the light of day, and more than once did the Dutch Data Protection Authority advise the Dutch legislator to pay more attention

GDPR & international transfer: deadline December 27, 2022

Last year, on June 4, 2021, the European Commission published a new model contract (in English: “Standard Contractual Clauses” or abbreviated “SCCs”) for the transfer of personal data to countries outside the European Economic Area (“EEA“). The old model contracts were no longer to be used for new transfers of personal data as of September