Niels Westerlaken

Case law

"Budget of substitute damages under the GDPR"

Art. 81(1) RO. Estimate of substitute damages. Substantiation of challenge to amount of damages. GDPR. (Machine translated) https://deeplink.rechtspraak.nl/uitspraak?id=ECLI:NL:HR:2023:1669

Case law

Overijssel court rules on wrongful conduct by camera use in shared space

Camera use shared space. Invasion of privacy? Unlawful conduct? (Machine translated) https://deeplink.rechtspraak.nl/uitspraak?id=ECLI:NL:RBOVE:2023:4831

Case law

Preliminary questions on access to medical records and position of care provider ECLI:NL:HR:2023:1682

Prejudicial questions (art. 392 Rv). Health law. Extrajudicial handling of medical professional liability cases. Can treating lawyer access medical records without patient's consent? Must provider take substantive position on claim if such consent is not given? (Machine translated) https://deeplink.rechtspraak.nl/uitspraak?id=ECLI:NL:HR:2023:1682

Case law

"Gelderland court protects CBR employees from stalking: remove personal data from website and ban tracking, filming and photographing"

stalking CBR employees, balancing right to privacy and freedom of expression and freedom of the press. order to remove personal data of CBR employees from website, prohibition to post personal data on websites and to follow and photograph and film employees (Machine translated) https://deeplink.rechtspraak.nl/uitspraak?id=ECLI:

Supervisory Authorities

Norway's DPA issues NOK20M data security fine

Norway's data protection authority, Datatilsynet, announced a NOK20 million fine issued to the Norwegian Labour and Welfare Administration. A Datatilsynet investigation found the agency's system measures "are not satisfactory to ensure compliance with the privacy regulations, and that the safeguarding of confidentiality in the IT systems is also not satisfactory.

Guidance

CNIL releases API data-sharing guidance

France's data protection authority, the Commission nationale de l'informatique et des libertés, published recommendations for application programming interface data sharing. The guidance states data holders must ensure the security of any data shared using API, while eliminating risks associated with sharing sensitive data.Full story https://iapp.org/news/a/

Media

Racist Technology in Action: Generative/ing AI Bias

By now we know that generative image AI reproduces and amplifies sexism, racism, and other social systems of oppression. The latest example is of AI-generated stickers in WhatsApp that systematically depict Palestinian men and boys with rifles and guns. When prompting the system on Israel, not even ‘Israeli army’ as

Guidance

AEPD releases guidance on biometric data use

Spain's data protection authority, the Agencia Española de Protección de Datos, published guidance on the use of biometric data for work and personal purposes, noting employers must follow the EU General Data Protection Regulation regardless of employee consent. The AEPD said consent is not a legal basis due to an

Media

‘Unmasking AI’ and the Fight for Algorithmic Justice

A conversation with Dr. Joy Buolamwini. By Joy Buolamwini and Nabiha Syed for The Markup on November 18, 2023 https://themarkup.org/hello-world/2023/11/18/unmasking-ai-and-the-fight-for-algorithmic-justice

Guidance

Beyond the Digital Markets Act: much more than a piece of legislation

Inês Neves (Lecturer at the Faculty of Law, University of Porto | Researcher at CIJ - Centre for Legal Research | Member of the Jean Monnet Module team DigEUCit - A Digital Europe for Citizens. Constitutional and policymaking challenges) and Luísa Amaro de Matos (LL.M. in European Legal Studies – College of

Case law

Damages: Abstract or concrete in light of the General Data Protection Regulation and anticipatory application of Art. 22(7) Rv?

Compensation law. Substitute damages. Estimate of damages. Abstract or concrete? Appeal to the General Data Protection Regulation. Art. 22 Rv. Anticipatory application Art. 22 (7) Rv from Bill on simplification and modernization of law of evidence? (Machine translated) https://deeplink.rechtspraak.nl/uitspraak?id=ECLI:NL:PHR:2023:935

Guidance

EDPB Publishes Guidelines to Clarify Scope of EU “Cookie” Notice and Consent Requirements

On November 16, 2023, the European Data Protection Board published its Guidelines 2/2023 on the Technical Scope of Art. 5(3) of the ePrivacy Directive. Continue Reading https://www.huntonprivacyblog.com/2023/11/20/edpb-publishes-guidelines-to-clarify-scope-of-eu-cookie-notice-and-consent-requirements/

Guidance

Meta’s new paywall model for ad-free contents under the radar of privacy authorities?

The response from Meta to privacy concerns was to introduce a paywall model with an ad-free subscription option for Facebook and Instagram, following significant legal scrutiny over personal data usage. After an announcement last August 2023, Meta has finally changed the legal basis used for processing its users’ data to

Media

Probe of school surveillance software finds privacy abuses, inaccurate results

An investigation into the educational technology company GoGuardian revealed the surveillance software used by schools across the country has routinely invaded students’ privacy and incorrectly flagged non-explicit content as harmful, according to an investigation by the Electronic Frontier Foundation. GoGuardian is used to surveil about 27 million students in 11,

Case law

EU Court rules on GDPR right to obtain a first copy of personal data processed free of charge

Under the General Data Protection Regulation (AVG), any person has the right to ask a processor of personal data to provide access to the personal data relating to him that are being processed. To this end, the data subject may submit a request to the processor. The data subject has

Grindr sues Norway DPA over GDPR interpretations

The dating application Grindr sued the Norwegian data protection authority, Datatilsynet, after it was fined NOK65 million for sharing user locations and advertiser information with marketing partners, NRK reports. The company alleges the authority misinterpreted the EU General Data Protection Regulation in a way that would make it difficult for

Literature

CyberEurope: The regulatory evolution of cybersecurity in Europe

We trace the regulatory evolution of cybersecurity in Europe, from the first NIS Directive to the most recent legislative proposals on the subject as part of our series of articles named CyberEurope. “Cybersecurity,” in its most common meaning, means the activity of analyzing and detecting cyber threats, and taking appropriate

Literature

EU’s policies to AI: are there blindspots regarding accountability and democratic governance?

Maria Inês Costa (PhD Candidate at the School of Law of the University of Minho. FCT research scholarship holder – UI/BD/154522/2023) ▪            In her recent State of the Union (SOTEU) 2023 speech, the President of the European Commission Ursula von der Leyen addressed several pressing issues, including artificial intelligence

Guidance

French DPA Issues Guidelines on Data Protection and AI

On October 11, 2023, the French Data Protection Authority (the “CNIL”) published a new set of guidelines addressing the research and development of AI systems from a data protection perspective.   Continue Reading https://www.huntonprivacyblog.com/2023/10/23/french-dpa-issues-guidelines-on-data-protection-and-ai/

Media

Hacker accused of breaching Finnish psychotherapy center facing 30,000 counts

Finnish prosecutors have charged a hacker on more than 30,000 counts related to allegedly breaching a Helsinki-based private psychotherapy center. The charges include attempted extortion and spreading information that violates private life, according to a statement released this week by Finland’s National Prosecution Authority. Aleksanteri Kivimäki, 26, who

Case law

Amsterdam court rejects request under the AVG

Rejection of request under the AVG (Machine translated) https://deeplink.rechtspraak.nl/uitspraak?id=ECLI:NL:RBAMS:2023:5743

Case law

"Amsterdam court bans technology company from placing tracking cookies without consent"

A technology company may no longer put tracking cookies on a man's computer and/or other devices without his consent because it violates fundamental rights and the AVG. (Machine translated) https://deeplink.rechtspraak.nl/uitspraak?id=ECLI:NL:RBAMS:2023:6530

Guidance

Rules for AI in the healthcare sector set by the Italian privacy authority

The Italian Privacy Authority issued a decalogue of rules on artificial intelligence in the healthcare that sets out principles that can be applicable to both public and private companies using AI. Artificial intelligence (AI) systems are assuming an increasingly prominent role in healthcare services, however, the use of AI in

Case law

EU Publications Office publishes Annual Report on Fundamental Rights 2023

The EU Fundamental Rights Agency's (FRA) Fundamental Rights 2023 Report provides an overview of key developments in the field in 2022, with both successes and areas of concern. The report also presents FRA's views on these developments, including a summary of the evidence supporting these views. (Machine translated) https://ecer.

Government

Overview of reporting obligations in the case of ransomware

(Machine translated) https://www.rijksoverheid.nl/documenten/rapporten/2023/10/09/tk-bijlage-3-toezegging-overzicht-meldplicht-grote-incidenten-ransomware