Joke Bodewits of Hogan Lovells writes:
On 1 May 2024, the Dutch Data Protection Authority (DPA) issued guidelines on data scraping used by private organisations in relation to GDPR principles including ‘lawfulness’. The guidelines could affect the way GenAI business should govern their data scraping processes. However it is questionable whether these guidelines will persevere if challenged in court, given that the European Commission (EC) already criticized the Dutch DPAs interpretation that data processing for purely commercial interests can never be based on a company’s legitimate interest. As set out in our earlier blog here, the EC has invited the Dutch DPA to change its views, but so far, the Dutch DPA indicated that it stands by its position until the European Court of Justice (ECJ) rules otherwise. In this critical analysis we will challenge the views of the Dutch DPA.
Read the post at Engage.