Posted in Privacy

De positie en plichten van de verwerker onder de AVG

A list of duties of the Data Processor under the upcoming EU GDPR, like:

  • adoption of security measures (encrypt data, ensuring data is not lost in incidents plus testing/assessing security)
  • ban to adopt a sub-processor
  • to report data breach within 72 hours
  • adoption of a processing register where to report sistematically processed data


Posted in Privacy

Consumentenbond: Cookies plaatsen? Toestemming vragen!

Niece piece from the Netherlands on Cookies.

Lots of websites nowadays are still fully uncompliant to the due regulation which, by the way, doesn’t apply exclusively to cookies, but also to javascript, e-mail pixels, web beacons and browser fingerprint, only whether the service:

(i) is necessary to carry out communication,

(ii) is necessary for the service requested by the visitor, or

(iii) is used to obtain information about the quality or effectiveness of the service under the additional condition that this has no or very limited privacy impact. It therefore depends on the nature and purpose of the technique used.


Posted in Employment Law, Privacy

Supreme Court rules on monitoring of employee WhatsApp conversations

In this case, various employees took part to a group conversation via Whatsapp where they coplained about ther employer’s salary policy and working conditions.

One of these employee shared the conversation with the employer, which, in turn, fired the complaining employee (alleging the trust tie was broken) and issued a warning for the notifier.

The court ruled that such conversation took place outside working time and did not affect their performance.
Therefore, there is an unjustified reason for employer to hold such chat which have also been illegally obtained, by breaching the applicable privacy law.


Posted in Privacy

Toestemming voor het verwerken van persoonsgegevens onder de nieuwe privacywet

The Netherlands: a nice reminder about the upcoming EU GDPR.

  • A question mark must be avilable and clickable to illustrate more information about what is happening to the personal data,
  • Instead of the common “If you do not accept the cookies, some parts of the website will work less well.”, do specify which parts are you talking about,
  • Replace “for example” and “among others” with specific data,
  • Clearly indicate what is the result in lack of consentment. E.g., in a navigation app, by swithing your location off, users can’t pinpoint the route in real time anmore.


Posted in Privacy

Facing privacy suits about facial recognition

Collection of such personal data is on the rise, especially at platforms and tech companies like Facebook and Apples.
Cases and legislation is increasgin too, therefore companies are recommended to keep an eye on it.

The case in this article reverts on (among the other points) whether collection of biometric data from photos stored online can be included in the range of application of the law of Illinois.

Watch out: similar legislation is currently enacted in Texas, Illinois and Texas and similar one is being discussed in New Hampshire, Connecticut, Alaska, Montana and Michigan.


Posted in Privacy


UK: A new draft Bill allows for exceptions tothe upcoming EU GDPR law:

  • by journalists, whether necessary for freedom of expression,
  • by museums and universities whether necessary for scientific and historical research purposes,
  • by national anti-doping organisations to tackle drug cheating,
  • by financial services bodies suspecting terrorist financing or money laundering
  • regarding criminal conviction data, by employers where this is necessary to fulfil its obligations under employment law,
  • regarding child protection
  • if in order to prevent and detect fraud