On March 7, 2019, the Dutch Supervisory Authority for data protection issued guidance prohibiting the use of “cookie walls” on websites. Cookie walls require website users to consent to the placing of tracking cookies or similar technologies before allowing them access to the website. According to the regulator, it received
Continue Reading Dutch Supervisory Authority Prohibits “Cookie Walls” under GDPR
The Netherlands
Dutch Supervisory Authority Imposes GDPR Security Standard for Processing Broadly Defined Health Data
In early November, the Dutch Supervisory Authority released an injunction imposed against the public insurance body Uitvoeringsinstituut Werkgeversverzekering (“UWV”) last July.
The UWV allows employers to submit data about their employees for social security purposes. The data includes dates of employee absences due to general illness (and when an employee…
Continue Reading Dutch Supervisory Authority Imposes GDPR Security Standard for Processing Broadly Defined Health Data
Dutch Supervisory Authority Announces GDPR Investigation
On July 17, 2018, the Dutch Supervisory Authority announced that it will start a preliminary investigation to assess whether certain large corporations comply with the EU’s General Data Protection Regulation (“GDPR”) – see the official press release here (in Dutch). To that end, the authority will review the “records of…
Continue Reading Dutch Supervisory Authority Announces GDPR Investigation
EU DPA Enforcement Guidance Post-Schrems
Industry eagerly awaits further guidance from data protection authorities (“DPAs”) relating to the EU-U.S. Privacy Shield as well as on the validity (or otherwise) of other mechanisms for transfers to the U.S. such as standard contractual clauses (“SCCs”) and binding corporate rules (“BCRs”). As we explained in recent posts (here and here), publication of an opinion by the Article 29 Working Party, representing, among other things, the EU’s data protection authorities, is a key next step that will shape enforcement and data transfer options for companies in the post-Schrems environment. Until then, here is a summary of the approach that some of the national DPAs are taking:
Continue Reading EU DPA Enforcement Guidance Post-Schrems