On January 1st 2021 the Dutch Franchise Act became effective. This blog contains an overview of the main aspects to bear in mind now that (for the first time) statutory rules apply in the Netherlands with the aim to (better) protect the interests of franchisees.

The European privacy supervisors as united in the Data Protection Board (EDPB) have published new guidelines on the concept of “controller” and “processor”. What’s new, what’s better and what’s missing? Vonne Laan and Eliëtte Vaal determined this in their opinion for the Dutch scientific journal on internet law (Tijdschrift voor Internetrecht).

Netwerk voor Ondernemende Juristen or OJ (nowadays known as WeLegal network) held an ICT expertmeeting on January 13th, last. Vonne Laan was invited to give a presentation on the requirements that apply to data processing agreements as well as other data protection agreements, and on the related negotiation tactics.

What privacy obligations do you need to comply with? That depends on your privacy position. In this White Paper, Vonne Laan sets out the new guidance on this topic step by step.

The CJEU Schrems II judgement of July 16th, 2020 affects the legitimacy of data transfers outside the EU. But what does this mean in practice? What is allowed and what is not in relation to transferring data outside the EEA? What measures can now be taken to legitimise such transfers? Read more about this in our White paper.

The use of software through the cloud entails certain risks. One of those risks is that the supplier of the cloud software may go bankrupt. If that happens, it is uncertain whether access to the cloud based software and the data stored in the cloud remains possible and uninterrupted. In practice, multiple continuity solutions have been developed to protect the interests of cloud users. The question is though, whether – and under which conditions – such solutions are legally maintainable under Dutch law.

Eliëtte Vaal will speak at the yearly two-day conference of VNG, the Association of Netherlands Municipalities.

The Data Lawyers were interviewed for a Dutch news paper (het Financieel Dagblad) in relation to the cookie consent rules.

Vonne Laan was requested to provide input on the privacy aspects in relation to smart watches.

Eliëtte Vaal and Vonne Laan both spoke at the yearly ePrivacy & Marketing Seminar of IIR.

Over the last year, various European Data Protection Authorities have focused their attention to Direct Marketing. Already, various fines have been imposed for non-compliance with the privacy rules in relation to direct marketing activities. Thus, it is ever more important to mind the rules in this respect. This update may help you achieve this. It gives an overview on in which cases consent is required, and in which cases the legitimate interest can be relied upon. (Dutch only)

Under the GDPR the Dutch Data Protection Authority has the competence to actively publish fines and guidance including the names of the alleged offender(s). The naming of offenders cam lead to reputational damage. What legal measures are present to avoid publication by the DPA? Read more on this in our blog “Naming and shaming onder de AVG: hoe zit dat eigenlijk?” (in Dutch).

Eliëtte Vaal will provide a half day course at the Berghauser Pont Academy on GDPR & CCTV.

Eliëtte Vaal and Vonne Laan wrote a blog about the changing position of the Dutch Data Protection Authority (DPA) during the COVID-19 outbreak towards measuring temperature of natural persons (Dutch only).

The use of biometric data has increased over the last years. Especially the use of facial recognition systems and fingerprint scanners. Using biometric data goes hand in hand with severe privacy risks, such as the loss of freedom, individuality and anonymity. In practice however, the privacy rules concerning the use of biometric data are ambiguous, resulting in legal uncertainty.