18 results EU Advocate General balances data protection rights against trade secrets in algorithmic credit scoring case On 16 march 2023, Advocate General Pikamäe issued his opinion on the scope of data subject rights in the context of algorithmic credit scoring. Three months after the UBO-case – Where do we stand and what’s next? This article looks at the aftermath of the UBO case invalidating the general access to UBO data, and looks at what lies ahead for companies and member states, and specifically at Belgium's recent regulatory action. Compensation after infringement of the General Data Protection Regulation: European developments The General Data Protection Regulation (GDPR) is one of the most significant development in the European data strategy in the past years and is continuously evolving. To what extent does the WAMCA procedure allow for collective actions for damages due to breaches of the GDPR? Whether it is possible to claim collective damages for an alleged breach of the GDPR by means of WAMCA proceedings has been a recent question within the mass damages practice. What information on this topic can be found in legislation, case law and litera TMT seminar series 2024 Following our successful TMT seminar series in 2023, our TMT team is happy to announce five new seminars taking place in 2024. Please find an outline of the seminars in the article below. Jan-Jaap Koningsveld strengthens TMT/IP practice Stibbe Amsterdam Stibbe Amsterdam is pleased to announce the expansion of its TMT/IP practice with the appointment of Jan-Jaap Koningsveld as counsel. Jan-Jaap Koningsveld Counsel Amsterdam Digital Law Up(to)date: The use of the free version of Google Analytics violates the GDPR The Datenschutzbehörde, the Austrian Data Protection Authority (DPA), found that the use of the free version of Google Analytics violated some provisions of the GDPR, and specifically the rules on international data transfers. Key takeaways and insights from the EDPB Pseudonymisation Guidelines On 16 January, 2025, the EDPB released its guidelines on pseudonymisation. These guidelines are not yet finalized, as they remain open for public consultation until 28 February. In this blogpost, we highlight the key takeaways. Belgian data protection authority fines hospital after data breach for taking insufficient data protection measures In 2021, a Belgian hospital fell victim to a ransomware attack that disrupted critical operations and compromised the personal data of 300,000 people. As a result, the Belgian data protection authority imposed a fine of €200,000 three years later. One year of Schrems II: a state of affairs for international data transfers International data transfers have been the subject of intense debates ever since the Court of Justice issued its landmark judgement of Schrems I, on 6 October 2015. Can you rely on your contract to process personal data? The EDPB adopted on 9 April 2019 a set of draft guidelines on personal data processing under Article 6(1)(b) GDPR in the context of providing online services to data subjects. ICO to impose record-breaking fines for inadequate security measures and data breaches Though the European data protection authorities have taken their time in enforcing the GDPR two announcements by the ICO in the UK regarding proposed fines for British Airways and Marriott demonstrate that large fines are about to start landing regularly. Launch of Metaverse blog series Stibbe launches a new blog series focusing on the legal challenges of the Metaverse. In our upcoming blog posts, we will discuss the legal challenges of NFTs, crypto-assets, Metaverse platforms, crypto exchanges, DAO, and many more. Brexit and data protection: preparing for a 'no-deal' As it stands, the UK will exit the European Union at midnight on 29 March 2019. Therefore, businesses within the UK, or with trade relations with the UK, would be best advised to assume that a no-deal Brexit is inevitable. Webinar: Responding to Personal Data Breaches in the Post-GDPR era On 24-26 March 2021, Brussels TMT partner Erik Valgaeren will address the topic 'Managing personal data breach in a complex international scenarios' during ERA's online conference 'Responding to Personal Data Breaches in the Post-GDPR era'. CJEU confirms “right of explanation” in battle between trade secrets and algorithmic transparency The CJEU's recent ruling emphasizes the GDPR's demand for algorithmic transparency in automated decisions, challenging companies to explain their logic. The decision also shows the difficulty of balancing such transparency with trade secret protection. The European Health Data Space (EHDS): new opportunities and obligations for healthcare institutions The European Health Data Space (EHDS) will enter into force on 25 March 2025. The aim of the new European Regulation (EU) 2025/327 on the EHDS is to optimise the exchange of and access to health information within the EU.
EU Advocate General balances data protection rights against trade secrets in algorithmic credit scoring case On 16 march 2023, Advocate General Pikamäe issued his opinion on the scope of data subject rights in the context of algorithmic credit scoring.
Three months after the UBO-case – Where do we stand and what’s next? This article looks at the aftermath of the UBO case invalidating the general access to UBO data, and looks at what lies ahead for companies and member states, and specifically at Belgium's recent regulatory action.
Compensation after infringement of the General Data Protection Regulation: European developments The General Data Protection Regulation (GDPR) is one of the most significant development in the European data strategy in the past years and is continuously evolving.
To what extent does the WAMCA procedure allow for collective actions for damages due to breaches of the GDPR? Whether it is possible to claim collective damages for an alleged breach of the GDPR by means of WAMCA proceedings has been a recent question within the mass damages practice. What information on this topic can be found in legislation, case law and litera
TMT seminar series 2024 Following our successful TMT seminar series in 2023, our TMT team is happy to announce five new seminars taking place in 2024. Please find an outline of the seminars in the article below.
Jan-Jaap Koningsveld strengthens TMT/IP practice Stibbe Amsterdam Stibbe Amsterdam is pleased to announce the expansion of its TMT/IP practice with the appointment of Jan-Jaap Koningsveld as counsel.
Digital Law Up(to)date: The use of the free version of Google Analytics violates the GDPR The Datenschutzbehörde, the Austrian Data Protection Authority (DPA), found that the use of the free version of Google Analytics violated some provisions of the GDPR, and specifically the rules on international data transfers.
Key takeaways and insights from the EDPB Pseudonymisation Guidelines On 16 January, 2025, the EDPB released its guidelines on pseudonymisation. These guidelines are not yet finalized, as they remain open for public consultation until 28 February. In this blogpost, we highlight the key takeaways.
Belgian data protection authority fines hospital after data breach for taking insufficient data protection measures In 2021, a Belgian hospital fell victim to a ransomware attack that disrupted critical operations and compromised the personal data of 300,000 people. As a result, the Belgian data protection authority imposed a fine of €200,000 three years later.
One year of Schrems II: a state of affairs for international data transfers International data transfers have been the subject of intense debates ever since the Court of Justice issued its landmark judgement of Schrems I, on 6 October 2015.
Can you rely on your contract to process personal data? The EDPB adopted on 9 April 2019 a set of draft guidelines on personal data processing under Article 6(1)(b) GDPR in the context of providing online services to data subjects.
ICO to impose record-breaking fines for inadequate security measures and data breaches Though the European data protection authorities have taken their time in enforcing the GDPR two announcements by the ICO in the UK regarding proposed fines for British Airways and Marriott demonstrate that large fines are about to start landing regularly.
Launch of Metaverse blog series Stibbe launches a new blog series focusing on the legal challenges of the Metaverse. In our upcoming blog posts, we will discuss the legal challenges of NFTs, crypto-assets, Metaverse platforms, crypto exchanges, DAO, and many more.
Brexit and data protection: preparing for a 'no-deal' As it stands, the UK will exit the European Union at midnight on 29 March 2019. Therefore, businesses within the UK, or with trade relations with the UK, would be best advised to assume that a no-deal Brexit is inevitable.
Webinar: Responding to Personal Data Breaches in the Post-GDPR era On 24-26 March 2021, Brussels TMT partner Erik Valgaeren will address the topic 'Managing personal data breach in a complex international scenarios' during ERA's online conference 'Responding to Personal Data Breaches in the Post-GDPR era'.
CJEU confirms “right of explanation” in battle between trade secrets and algorithmic transparency The CJEU's recent ruling emphasizes the GDPR's demand for algorithmic transparency in automated decisions, challenging companies to explain their logic. The decision also shows the difficulty of balancing such transparency with trade secret protection.
The European Health Data Space (EHDS): new opportunities and obligations for healthcare institutions The European Health Data Space (EHDS) will enter into force on 25 March 2025. The aim of the new European Regulation (EU) 2025/327 on the EHDS is to optimise the exchange of and access to health information within the EU.