162 results Compensation after infringement of the General Data Protection Regulation: European developments The General Data Protection Regulation (GDPR) is one of the most significant development in the European data strategy in the past years and is continuously evolving. Online platforms and uploading of protected works: no direct liability for operators of online platforms According to the Advocate General, operators of online platforms are not directly liable for the illegal uploading of protected works by the users of those platforms. Securing your data transfers after Schrems II The European Court of Justice has issued a landmark judgement in the Schrems II-case that reshapes data transfer rules from EU to non-adequate third countries, impacting the regulatory landscape significantly. ICO to impose record-breaking fines for inadequate security measures and data breaches Though the European data protection authorities have taken their time in enforcing the GDPR two announcements by the ICO in the UK regarding proposed fines for British Airways and Marriott demonstrate that large fines are about to start landing regularly. Part three - GDPR and Public Law: To retroact or not? Nearly a year after the GDPR took effect, questions have emerged about its interaction with public law. This three-part blog series "GDPR and Public Law" explores three key issues regarding its impact on public law and government. Part two - GDPR and Public Law: Data protection in public procurement Nearly a year after the GDPR took effect, questions have emerged about its interaction with public law. This three-part blog series "GDPR and Public Law" explores three key issues regarding its impact on public law and government. Part one - GDPR and Public Law: Applicability of GDPR to public bodies Nearly a year after the GDPR took effect, questions have emerged about its interaction with public law. This three-part blog series "GDPR and Public Law" explores three key issues regarding its impact on public law and government. Can you rely on your contract to process personal data? The EDPB adopted on 9 April 2019 a set of draft guidelines on personal data processing under Article 6(1)(b) GDPR in the context of providing online services to data subjects. Belgian law of 25 November 2018 on various provisions relating to the National Register The Belgian law of 25 November 2018 containing various provisions relating to the National Register and the population registers has amended the law of 8 August 1983 regulating the National Register and the use of the national identity number. Companies unprepared for increasing cyber risks Companies increasingly face cybercrime incidents. Stibbe offers tailor-made solutions. European Data Protection Board provides welcoming guidance on the territorial scope of the GDPR If personal data of a Korean employee working for a U.S. company is processed in the HR department in London, does the GDPR apply? Is the GPDR applicable to a Dutch customer visiting the website of a Canadian company? 15 aspects of Brexit you did not know A Brexit without a deal, or with a deal that does not cover all relevant aspects, is still a potential scenario. We have highlighted a number of unexpected legal consequences of Brexit in such a no deal or incomplete deal scenario. Afdeling formuleert toetsingskader voor de heroverweging in bezwaar van ((niet)handhavings)besluiten De Afdeling bestuursrechtspraak van de Raad van State formuleert in haar uitspraak van 28 oktober 2020 het toetsingskader voor de heroverweging op bezwaar door een bestuursorgaan bij besluiten. Uitwisseling van persoonsgegevens met het Verenigd Koninkrijk Uit de Brexit deal volgt dat gedurende de eerste 4 maanden van 2021 de doorgifte van persoonsgegevens naar het Verenigd Koninkrijk (“VK”) nog op dezelfde manier mag plaatsvinden als voorheen. Belgian data protection authority fines hospital after data breach for taking insufficient data protection measures In 2021, a Belgian hospital fell victim to a ransomware attack that disrupted critical operations and compromised the personal data of 300,000 people. As a result, the Belgian data protection authority imposed a fine of €200,000 three years later. Legal Considerations for Artificial Intelligence in the Life Sciences Sector This blogpost explores the evolving legal landscape governing AI in life sciences, with a focus on medical device regulation, data protection and intellectual property. New EDPB statement on implementation of PNR directive: impact and recommendations The European Data Protection Board (EDPB) approved a new statement regarding the application of the PNR directive, in light of the ruling of the Court of Justice of the EU (CJEU) in case C-817/19. Key takeaways and insights from the EDPB Pseudonymisation Guidelines On 16 January, 2025, the EDPB released its guidelines on pseudonymisation. These guidelines are not yet finalized, as they remain open for public consultation until 28 February. In this blogpost, we highlight the key takeaways. Pagination Previous page Page 3 Current page 4 Page 5 Page 6 Next page
Compensation after infringement of the General Data Protection Regulation: European developments The General Data Protection Regulation (GDPR) is one of the most significant development in the European data strategy in the past years and is continuously evolving.
Online platforms and uploading of protected works: no direct liability for operators of online platforms According to the Advocate General, operators of online platforms are not directly liable for the illegal uploading of protected works by the users of those platforms.
Securing your data transfers after Schrems II The European Court of Justice has issued a landmark judgement in the Schrems II-case that reshapes data transfer rules from EU to non-adequate third countries, impacting the regulatory landscape significantly.
ICO to impose record-breaking fines for inadequate security measures and data breaches Though the European data protection authorities have taken their time in enforcing the GDPR two announcements by the ICO in the UK regarding proposed fines for British Airways and Marriott demonstrate that large fines are about to start landing regularly.
Part three - GDPR and Public Law: To retroact or not? Nearly a year after the GDPR took effect, questions have emerged about its interaction with public law. This three-part blog series "GDPR and Public Law" explores three key issues regarding its impact on public law and government.
Part two - GDPR and Public Law: Data protection in public procurement Nearly a year after the GDPR took effect, questions have emerged about its interaction with public law. This three-part blog series "GDPR and Public Law" explores three key issues regarding its impact on public law and government.
Part one - GDPR and Public Law: Applicability of GDPR to public bodies Nearly a year after the GDPR took effect, questions have emerged about its interaction with public law. This three-part blog series "GDPR and Public Law" explores three key issues regarding its impact on public law and government.
Can you rely on your contract to process personal data? The EDPB adopted on 9 April 2019 a set of draft guidelines on personal data processing under Article 6(1)(b) GDPR in the context of providing online services to data subjects.
Belgian law of 25 November 2018 on various provisions relating to the National Register The Belgian law of 25 November 2018 containing various provisions relating to the National Register and the population registers has amended the law of 8 August 1983 regulating the National Register and the use of the national identity number.
Companies unprepared for increasing cyber risks Companies increasingly face cybercrime incidents. Stibbe offers tailor-made solutions.
European Data Protection Board provides welcoming guidance on the territorial scope of the GDPR If personal data of a Korean employee working for a U.S. company is processed in the HR department in London, does the GDPR apply? Is the GPDR applicable to a Dutch customer visiting the website of a Canadian company?
15 aspects of Brexit you did not know A Brexit without a deal, or with a deal that does not cover all relevant aspects, is still a potential scenario. We have highlighted a number of unexpected legal consequences of Brexit in such a no deal or incomplete deal scenario.
Afdeling formuleert toetsingskader voor de heroverweging in bezwaar van ((niet)handhavings)besluiten De Afdeling bestuursrechtspraak van de Raad van State formuleert in haar uitspraak van 28 oktober 2020 het toetsingskader voor de heroverweging op bezwaar door een bestuursorgaan bij besluiten.
Uitwisseling van persoonsgegevens met het Verenigd Koninkrijk Uit de Brexit deal volgt dat gedurende de eerste 4 maanden van 2021 de doorgifte van persoonsgegevens naar het Verenigd Koninkrijk (“VK”) nog op dezelfde manier mag plaatsvinden als voorheen.
Belgian data protection authority fines hospital after data breach for taking insufficient data protection measures In 2021, a Belgian hospital fell victim to a ransomware attack that disrupted critical operations and compromised the personal data of 300,000 people. As a result, the Belgian data protection authority imposed a fine of €200,000 three years later.
Legal Considerations for Artificial Intelligence in the Life Sciences Sector This blogpost explores the evolving legal landscape governing AI in life sciences, with a focus on medical device regulation, data protection and intellectual property.
New EDPB statement on implementation of PNR directive: impact and recommendations The European Data Protection Board (EDPB) approved a new statement regarding the application of the PNR directive, in light of the ruling of the Court of Justice of the EU (CJEU) in case C-817/19.
Key takeaways and insights from the EDPB Pseudonymisation Guidelines On 16 January, 2025, the EDPB released its guidelines on pseudonymisation. These guidelines are not yet finalized, as they remain open for public consultation until 28 February. In this blogpost, we highlight the key takeaways.