Is your business ready for the AI Act? As of February 2, 2025, businesses operating in the EU must ensure that their employees are AI-literate in accordance with the AI Act. This means that anyone working with AI, whether developing, implementing, or using AI-driven tools, must have the necessary knowledge, skills, and ethical awareness to […]
Dutch DPA
Legitimate Interest: new CJEU ruling challenges Dutch Authority’s strict interpretation
On October 4, 2024, the Court of Justice of the European Union (CJEU) issued a ruling in the case C-621/22, addressing whether purely commercial interests can qualify as a legitimate interest for processing personal data under Article 6 para. 1 lit. f of the General Data Protection Regulation (GDPR). This decision challenges the strict stance […]
Delay in reporting a data breach caused a fine of over €400,000 to Booking.com.
The Dutch Data Protection Authority has recently issued a fine of €475,000 to the online touristic operator Booking.com for having notified a data breach to the DPA with a sensible delay. The data breach The staff of about 40 Hotels located in the United Arab Emirates were cheated by a telephone scam and convinced to […]
Common trend in the health-industry?
Fine of 440.000 EUR imposed by Autoriteitspersoonsgegevens on Dutch Hospital. Back in the lovely Spring of 2019, the Autoriteitspersoongegevens (‘AP’) started investigations against the Onze Lieve Vrouwen Gasthuis (‘OLVG’). The OLVG is an educational hospital that has two locations in Amsterdam and holds more than 550.000 patients on an annual basis. After the AP got […]
Dutch DPA imposes fine on company using fingerprint technology for attendance and time registration
The Autoriteit Persoonsgegevens, Dutch data protection authority, imposed a fine on a company, which relied on scanning their employees’ fingerprints for attendance and time registration.[1] Facts in a nutshell In the case at hand, the respective company introduced the new fingerprint system in order to reduce the fraudulent abuse of the previous attendance and time […]
Digital marketing as a legitimate interest? Dutch DPA clarifies.
On the first of November the Dutch DPA (Autoriteit Persoonsgegevens) has tried to shed some more light on the subject of the legitimate interest as a lawful ground of processing. Besides reconfirming the common understanding and best practices, the Dutch DPA clarifies the legal basis for direct marketing if and to the extent, that the […]
The “Cookiewall” crumbles
The Dutch data protection authority on 7th March 2019 issued an opinion[1] on the use of so called “Cookiewalls”, deeming such practice as unlawful in light of the GDPR and announcing intensified audits in regards to the right implementation of cookies in the coming period.[2] European regulation of Cookies The first regulation of cookies at […]