Header graphic for print
Global Media and Communications Watch The International Legal Blog for the Tech, Media and Telecoms Industry

Joke Bodewits

Posts by Joke Bodewits
Posted in Policy & Regulation Photo of Joke Bodewits

Dutch DPA: Banks May Not Use Payment Data for Marketing Purposes

In the wake of a recent announcement by a major Dutch bank that it would start providing its customers with personalized advertisements based on their spending patterns, the Dutch Data Protection Authority (DPA) has sent a letter to all Dutch banks urging them to thoroughly review their direct marketing practices. The DPA specifically asked any bank contemplating the use of transaction data for direct marketing to reconsider. In its analysis, the DPA may have introduced a very onerous obligation to re-collect personal data for every single use. The DPA stated

Posted in Data Protection & Privacy, Policy & Regulation Photo of Joke Bodewits

Will Widened Class Actions Regime Boost Data Litigation in the Netherlands?

On 19 March 2019, the Dutch Senate approved legislation introducing collective damages actions in the Netherlands (the “Legislation”) which will broaden the regime even further. The Legislation introduces an option to claim monetary damages in a “US style” class action, including for violations of the GDPR. This Legislation together with the mechanisms already available under Dutch law put the Netherlands at the forefront of collective redress in Europe. The Legislation is expected to enter into force in July 2019 and will apply to events which took place on or after

Posted in Cybersecurity, Data Protection & Privacy, Policy & Regulation, Privacy and Security Litigation Photo of Joke Bodewits

Dutch Data Protection Authority Sets GDPR Fines Structure

On 14 March 2019, the Dutch data protection authority (Autoriteit Persoonsgegevens, DPA) announced (in Dutch) its fining structure for violations of the European General Data Protection Regulation (GDPR) and the Dutch law implementing the GDPR (Implementation Act). The GDPR sets two levels of administrative fines that may apply depending on which GDPR provisions have been infringed: The higher of €10 million or 2% of global revenue and the higher of €20 million or 4% of global revenue. At both levels, the GDPR sets maximums for administrative fines and calls on

Posted in Cybersecurity, Data Protection & Privacy, Policy & Regulation, Privacy and Security Litigation Photo of Joke Bodewits

Dutch Data Protection Authority States Cookie Walls Violate GDPR

On 7 March 2019, the Dutch Data Protection Authority published guidance (in Dutch) that it considers “cookie walls” to violate the GDPR. A cookie wall is a pop-up on a website that blocks a user from access to the website until he or she consents to the placing of tracking cookies or similar technologies. Under current Dutch cookie law, functional and analytical cookies can be used without consent. Tracking cookies like those used for advertising may only be used if a visitor has given consent. According to the Dutch DPA, the

Posted in Data Protection & Privacy, Policy & Regulation Photo of Joke BodewitsPhoto of Patrice Navarro

Part 6: Profiling Restrictions v. Big Data

A stricter regime for profiling Profiling and Big Data analytics are set to play a pivotal role in the growth of the digital economy. From cookie-based tracking to people’s interaction through social media, the size and the degree of granularity of our digital footprints have created unprecedented opportunities for business development and service delivery. The scale of data collection, data sharing and data analysis has not gone unnoticed to public policy makers and this has led to the inclusion of special rules addressing profiling in the Regulation. In fact, from

Posted in Data Protection & Privacy, Policy & Regulation Photo of Joke Bodewits

Legislative Update: Dutch Parliament Adopts Bill on Data Breach Notification

On 26 May, the Netherlands First Chamber passed a bill requiring companies to notify the Dutch Data Protection Authority (DPA) and affected individuals of certain breaches of personal data. As we reported earlier this year, when the bill becomes law, it will be mandatory for all types of data controllers to provide these breach notifications. Failure to notify will be punishable by a maximum fine of 810,000 euros or 10% of the company’s annual turnover (i.e., revenue), whichever is greater. Importantly, the fines may not be limited only to a

Posted in Data Protection & Privacy Photo of Joke Bodewits

The Netherlands: New Rules for Cookies, Data Breaches and Fines

Recently, new rules on cookies (all links in Dutch) came into force in the Netherlands. In addition, the Dutch Second Chamber approved a draft bill to introduce a mandatory data breach notification requirement and to strengthen the Dutch Data Protection Authority’s investigative and fining powers. The new rules apply to all companies acting as a “data controller” within the meaning of the Dutch Data Protection Act. The Dutch First Chamber has announced that it plans to review this draft bill as soon as possible. New rules on cookies The most

Posted in Copyright, Internet, Policy & Regulation Photo of Penny ThorntonPhoto of Joke Bodewits

EU: Copyright Levies and the Cloud

On February 27, 2014, the European Parliament (“EP”) adopted a resolution on private copying levies, finding that a copyright levy regime is relevant in the online environment but that licensing models for streaming services (where no copy can be stored on a device) should have preference. The EP calls on the European Commission to assess the impact of the use of cloud computing technology for private recording and storage of works to determine whether a levy regime should also apply to cloud computing services.  This article looks at the EP’s