Our team

A new (temporary) regime for turboliquidation

A new (temporary) regime for turboliquidation 525 400 Ekelmans Advocaten
MicrosoftTeams-image (21)
Leestijd: 4 minuten
Lesedauer: 4 Minuten
Reading time: 4 minutes

Turboliquidation, the process of swiftly winding up a legal entity, only exists in the Netherlands. Directors in countries such as Germany or England do not have this option. Turboliquidation is a coveted tool among ‘Dutch’ directors: as many as 36.456 turboliquidations took place in 2022. However, the landscape is about to change as the (prima facie restrictive) Temporary Turboliquidation Transparency Act is set to come into effect on 15 November 2023.

The quick and easy liquidation of a legal entity will soon be (partially) curtailed. On 14 March 2023, the Dutch Senate approved the Temporary Turboliquidation Transparency Act in response to concerns about fraud in turboliquidations during the corona pandemic. The aim of the law is to provide more transparency to creditors who are currently left in uncertainty following a turboliquidation. The law will be in effect for two years, with the option of a two-year extension, starting from 15 November 2023. With these impending changes, the question arises: Will turboliquidation continue to be an attractive option for the directors of Dutch BV or NV?

Turboliquidation, the process of swiftly winding up a legal entity, only exists in the Netherlands. Directors in countries such as Germany or England do not have this option.

How does turboliquidation currently work?

The current requirements for the turboliquidation of a company are simple. First and foremost, the company must find itself in a situation where it possesses no assets whatsoever—this means no inventory, cash, and outstanding receivables. To achieve this, directors initiate the process of “emptying” the company before proceeding with the turboliquidation. Subsequently, shareholders can pass a resolution of dissolution to officially terminate the company. Normally, in a standard liquidation, the liquidation phase then begins. However, in the case of turboliquidation, this phase is bypassed since the company has already been fully depleted of its assets. Consequently, the company ceases to exist immediately.

What changes for company directors and turboliquidating?

The fundamental requirements for turboliquidating a company remain unchanged. However, the director will now have to undertake additional actions. A mere report of the turboliquidation to the Chamber of Commerce will no longer suffice. Once the new law takes effect, directors must also submit supplementary documents and inform creditors accordingly.

These additional documents include:

  • A balance sheet and a statement of income and expenditure for the year in which the legal entity was dissolved, along with the previous financial year if, at the time of dissolution, annual accounts for that year have not yet been made public.
  • A description of the cause for the lack of benefits.
  • A detailed account of how the company’s income has been monetized and the proceeds distributed.
  • An explanation of the reasons why creditors remained wholly or partially unpaid.

Furthermore, the board is required to file financial statements for any previous financial years if they have not already been submitted. Additionally, the board must duly inform creditors about the filing of these documents with the Chamber of Commerce and inform them that the legal entity has been wound up.
The underlying objective of these obligations is to ensure prompt notification to creditors regarding the liquidation. Failure to fulfill these obligations could result in serious consequences for the board. In such instances, it would be considered an economic offense, subject to penalties that may include up to six months’ imprisonment, community service, or a fine of up to €22,500.

What is creditors are disadvantaged?

In the event that it comes to light that directors have caused harm to one or more creditors during the liquidation process, the court reserves the authority to impose an administration ban on those directors for a period of up to five years. The circumstances warranting such a ban include:

  • Failure of the directors to file the requisite documents with the Chamber of Commerce and neglecting to notify creditors of the ongoing liquidation.
  • Intentional actions taken by the directors prior to the turboliquidation that resulted in prejudice to one or more creditors.
  • Personal culpability of the directors for previous bankruptcy or turboliquidation occurrences, having been involved in such situations twice before.

The turboliquidation remains a useful tool despite the new requirements

The turboliquidation remains a valuable tool despite the introduction of new requirements. While the new law introduces additional obligations, turboliquidation still offers a convenient means to wind up or restructure legal entities. Shareholders should not be deterred by these new requirements, as the legislation primarily targets fraudulent activities and not those shareholders seeking a legitimate and efficient liquidation process.


If your company has a Dutch branch and you are considering restructuring or dissolution, turboliquidation could still be a viable option for you. Should you require more information on turboliquidation or have any other questions related to corporate law, I invite you to reach out for a no-obligation consultation.


Pim Lieffering is a corporate lawyer. He deals with all aspects of corporate law, from drafting and litigating on commercial contracts to advising on mergers and acquisitions. When Pim is asked a question, he always looks at the bigger picture. Because he looks just that little bit further, he regularly surprises his clients with creative solutions.

‘Duplicate Claim Detector (DCD)’ launched by Innovation Platform Verbond van Verzekeraars

‘Duplicate Claim Detector (DCD)’ launched by Innovation Platform Verbond van Verzekeraars 722 550 Ekelmans Advocaten
Blog afbeelding (500 x 400 px) (6)
Leestijd: 2 minuten
Lesedauer: 2 Minuten
Reading time: 2 minutes

Astrid van Noort was present as a speaker at the launch of the ‘Duplicate Claim Detector (DCD)’ by the Innovation Platform of Verbond van Verzekeraars.

Ekelmans Advocaten advised Verbond van Verzekeraars in the development of this Duplicate Claim Detector on a secure and responsible method of data exchange between insurers within the framework of the AVG.

With the Duplicate Claim Detector, an important tool has been developed that helps insurers prevent the payment of duplicate claims and identify potential fraud. Thereby, insurer integrity and risk management are significantly promoted.

Confidential data in good hands

Your organisation processes personal data on a large scale. You need that personal data for your core processes but you also wish to comply with all the rules and protect privacy. These two goals are not always easy to reconcile. Our lawyers can help you here.

When developing new products or services, creative solutions may sometimes be required in order to remain compliant with privacy legislation. The Ekelmans Advocaten Privacy Desk helps you use personal data optimally for commercial purposes while still guaranteeing the privacy of your customers.


Astrid van Noort is partner Insurance & Liability and strategic AVG expert for major insurers. She devises practical, workable and commercially attractive solutions to complex problems. She also specialises in personal injury, income and sickness absence insurance and health insurance.

In memoriam Adriaan de Buck

In memoriam Adriaan de Buck 2560 1804 Ekelmans Advocaten
Adriaan nieuwsbericht2

Our beloved partner and colleague Adriaan de Buck passed away on 21 December 2022. Last August he retired from his Corporate Law practice at Ekelmans Advocaten due to his illness.

Our beloved partner and colleague Adriaan de Buck passed away on 21 December 2022. Last August he retired from his Corporate Law practice at Ekelmans Advocaten due to his illness.

Adriaan was a natural unifier and optimist.
Clients and international partners speak highly of Adriaan commending him for his expertise, commitment and personal approach.
For his expert and entrepreneurial work as a lawyer and partner of our firm, we are grateful to Adriaan.

Working with Adriaan was a pleasure: he had a warm sense of humor and was a great sportsman in so many regards. From 2019, he combined his law practice with the chairmanship of his club, HBS, where he also played football.

Over a year ago, he became ill. Last summer, the whole firm bid him farewell as one of the partners of Ekelmans Advocaten. At that farewell, Adriaan recalled the many memorable times he spent with us in the long time he was part of the firm.

We cherish our fond memories of Adriaan and admire his strength and resilience in battling his  illness. Of special note is Adriaan’s unflagging interest for others, right up to the last moment.

We miss Adriaan and extend our deepest condolences to Margot, Jolein, Bram and Jip.

Netherlands UBO register temporarily closed to public, registration requirement still applies

Netherlands UBO register temporarily closed to public, registration requirement still applies 2560 1920 Ekelmans Advocaten
UBO Letter Initial Logo Design Vector Illustration
Leestijd: 2 minuten
Lesedauer: 2 Minuten
Reading time: 2 minutes

It is not acceptable that random members of the public can request (financial) information about a UBO. This has been ruled by the European Court of Justice. The Netherlands UBO register has therefore been temporarily closed to the public. What does this ruling mean and what are its implications for the UBO register?

Anti-Money Laundering and Terrorist Financing Directive

The UBO register and the obligation to register is based on the European fourth and fifth anti-money laundering directives. This directive aims to combat financial-economic crime. This could include corruption, money laundering, tax evasion, fraud and terrorist financing.

Companies have to register their ultimate beneficial owners in this UBO register. Some of the information (name, month and year of birth, nationality, state of residence, nature and extent of economic interest in the company) was, until recently, accessible to everyone. Anyone could request an extract from the UBO register for a small fee.

European Court ruling on the public nature of the UBO register

In its ruling of 22 November 2022, the European Court of Justice (ECJ) invalidated part of the European rules on the UBO register. According to the Court, public access to information on a UBO constitutes a serious interference with the fundamental rights to respect for private life and protection of personal data. It is not acceptable that random members of the public can obtain (financial) information about a UBO without having an interest related to the purpose of the directive. That is, prevention of money laundering and terrorist financing. UBOs are also particularly at risk because once provided, the data from the UBO register can be freely stored and distributed. The provision in the anti-money laundering directive that information on a UBO must be accessible to every member of the public in all cases is invalid, the Court ruled.

Consequences for the Netherlands UBO register

In the Netherlands, at the request of the Minister of Finance, the Chamber of Commerce has temporarily closed the UBO register to the public. This means that temporarily no information from the UBO register can be requested. The Court’s ruling has no impact on the obligation to register ultimate beneficial owners in the UBO register. UBO’s must register, if they have not already done so.


Ekelmans Advocaten appoints Daan Spoormans as partner

Ekelmans Advocaten appoints Daan Spoormans as partner 2085 2441 Ekelmans Advocaten
Daan Spoormans partner
Leestijd: < 1 minuut
Lesedauer: < 1 Minute
Reading time: < 1 minute

Daan Spoormans has been appointed partner at Ekelmans Advocaten as per 1 January 2022. Daan specialises in corporate law and contract law. He assists companies and insurers in complex disputes about commercial contracts. Daan also assists directors who have been accused of incorrect management.

Daan has been working at Ekelmans Advocaten since 2008. In recent years, he has built up a flourishing international practice. Due in part to his bilingual background (Dutch and German), Daan also has many clients from German-speaking countries.

Partner Corporate/German Desk Robert Kütemann: “Daan’s partnership really strengthens our corporate practice. Daan has a strong legal and strategic insight. For many years, he has made an important contribution to the corporate team, which is highly valued by clients.
Since Daan’s clients include both companies and insurers, his appointment fits in perfectly with our positioning as an Insurance & Corporate firm. We are very pleased to appoint Daan as a partner.”


Chambers: an introduction to the Dutch Insurance Market

Chambers: an introduction to the Dutch Insurance Market 2560 1707 Ekelmans Advocaten
Concept of car insurance. Blue car under red umbrella with text Insurance
Leestijd: 2 minuten
Lesedauer: 2 Minuten
Reading time: 2 minutes

For Chambers and Partners, Jan Ekelmans and Frank Schaaf, partners at Ekelmans & Meijer, wrote and overview of the Dutch insurance market. The article gives an introduction to the current economic, legal and political trends affecting the Insurance Market in the Netherlands. Chambers and Partners is an independent research company operating across 200 jurisdictions delivering detailed rankings and insight into the world’s leading lawyers.

The Dutch insurance market is the 4th largest EU insurance market. At the basis of the insurance market lie the contractual obligations in insurance contracts. Dutch insurance law limits the freedom to determine the validity and contents of insurance agreements in ways generally similar to those in other European countries. The contractual obligations are influenced by international practice and insurance is offered by insurers who often maintain an international presence.

Specifically healthcare insurance is different. Legislation contains detailed provisions on the allowed content of healthcare insurance agreements. Dutch residents are legally obliged to maintain healthcare insurance.

Many of the largest Dutch law firms specialize in limited areas of insurance only. Most Dutch law firms with a broader in-depth activity on the insurance market are smaller or mid-sized firms. Generally, firms active in the insurance market concentrate on the Dutch insurance market.

You can read the full article here.



VoetbalTV and the GDPR: even commercial interests can be legitimate

VoetbalTV and the GDPR: even commercial interests can be legitimate 2560 1707 Ekelmans Advocaten
Leestijd: 4 minuten
Lesedauer: 4 Minuten
Reading time: 4 minutes

The Dutch supervisory authority (Dutch DPA) has long taken the position that a purely commercial interest cannot be a legitimate interest as referred to in Article 6(1)(f) of the GDPR. On that basis the Dutch DPA imposed a € 575,000 fine on VoetbalTV in 2020. A Dutch lower administrative court disapproved of the strict interpretation of legitimate interests by the Dutch DPA and annulled the fine.

The Dutch DPA has investigated the privacy of players and spectators filmed by VoetbalTV. VoetbalTV is an online platform that broadcasts amateur football. Users were able to watch highlights, share those highlights or use the clips as preparation for their matches. In September 2020 VoetbalTV was declared bankrupt. The Dutch DPA concluded that VoetbalTV should not have broadcast the film footage of the footballers, because there is no lawful basis for the recording and distribution of this footage. The Dutch DPA imposed a fine of € 575,000 on VoetbalTV for unlawful processing of personal data. VoetbalTV did not agree with the fine and initiated court proceedings against the Dutch DPA. A Dutch lower administrative court gave judgment on 23 November 2020.

VoetbalTV believes it has a legitimate commercial interest in distributing the images The court ruled that a purely commercial interest can be a legitimate interest for processing personal data (Art. 6 (1) f AVG) and thus for making recordings and distributing the images. This follows from European case law.

Dutch DPA: a commercial interest can never amount to a legitimate interest

In determining what constitutes a legitimate interest, the Dutch DPA applies a strict view: an interest is only legitimate if it is named as a “legal interest” in law or unwritten law. This interest must be of a more or less urgent and specific nature arising from a rule or principle of law. If this is not the case then there is no legitimate interest that has to be taken into account in the balancing test. Purely commercial interests and profit maximization lack a legal character. Therefore, according to the Dutch DPA, those interests can never amount to a legitimate interest. This restrictive interpretation is also found in the guidance note the Dutch DPA has published on how legitimate interests under the GDPR should be interpreted. Dutch legal practitioners have been critical of the guidance note from the Dutch DPA.

According to Voetbal TV, the level playing field is much broader: any interest can be legitimate as long as it is not contradictory to statutory law.

The European Perspective

The ‘Fashion ID’ judgment from the Court of Justice of the European Union (CJEU) (ECLI:EU:C:2019:629) shows that the legitimate interest is entirely flexible and open-ended in nature. Fashion ID collected and shared personal data in order to benefit from the commercial advantage consisting in increased publicity for its goods. This too can amount to a legitimate interest. Indeed, recital 47 to the GDPR stipulates that direct marketing can be a legitimate interest. By excluding purely commercial interests, commercial enterprises never get around to the balancing test for which the ‘legitimate interest’ basis was created. Both the right to respect for one’s private life and the freedom of enterprise are European fundamental rights. Fundamental rights must be taken into a balancing test for which the ‘legitimate interest’ basis was created. The one fundamental right never prevails over the other by definition. Any interest can be legitimate. The European Data Protection Board (EDPB) also defined legitimate interests in a more inclusive manner.

This interpretation allows for more interests being legitimate than the Dutch DPA’s interpretation, as many factual, economic, and idealistic interests are not designated in the law. The court rules that it is – in principle – up to controllers (i.e., VoetbalTV) to determine their legitimate interests. The controller must act accordingly.

Judge overturns Dutch DPA GDPR fine

In the Voetbal TV case, the court adopts the broad interpretation of “legitimate interest” used by the CJEU in the Fashion ID case: is the processor not pursuing an interest that is contrary to the law ?

The court disapproved the strict interpretation of legitimate interests by the Dutch DPA. According to the court, excluding certain interests in advance is contrary to European law.

Moreover VoetbalTV indicates that it has interests that go beyond commercial purposes. Distributing the images is also informative and makes the sport available to a wider audience.

Based on the purposes stated by VoetbalTV and the explanation that the processing is necessary and proportionate, the Dutch DPA must still assess whether VoetbalTV has a legitimate interest in recording and broadcasting the film footage of footballers.

What are the consequences of this judgment?

The Dutch DPA will have to revise its guidance note on how legitimate interests under the GDPR should be interpreted. The VoetbalTV judgment enables organisations to process personal data on the basis of commercial interests since these are legitimate interests in the meaning of article 6(1)(f) GDPR. In that case, it is not necessary to ask all data subjects involved if they are willing to consent to the data processing. This is good news for (commercial) organisations. However, it is important to note they must have a well-founded explanation for the (intended) data processing.

The period for submitting an appeal with the Court of Appeal has now expired. It is not known to us whether an appeal has been submitted, but we do not consider that there is a very high risk of the Court of Appeal adopting a different course. Interesting from an EU perspective is that on September 2, 2020, the European Data Protection Board (EDPB) published draft guidelines on the targeting of social media users on its website. The EDPB maintains the position that commercial interests can also amount to a legitimate interest. It will be interesting to see how the Dutch DPA’s legitimate interest interpretation in the Netherlands and on EU level is impacted at this stage.

Our Privacy Desk will of course keep you updated regarding ongoing developments.


Travel Insurance in times of COVID-19 – view from The Netherlands

Travel Insurance in times of COVID-19 – view from The Netherlands 2560 1880 Ekelmans Advocaten
Travel Insurance
Leestijd: 3 minuten
Lesedauer: 3 Minuten
Reading time: 3 minutes

Due to Covid- 19 travel insurance companies have had to face many claims under the travel insurance policies in the past months. Many travel insurance policies exclude the outbreak of a pandemic from coverage. In a couple of cases the insured party did not give up after the Travel Insurer refused to provide cover and appealed to the Financial Services Complaints Tribunal of The Netherlands.

Travel insurance

As the name suggests, travel insurance provides cover for travelers during a trip. On the basis of travel insurance, travelers can receive assistance if they have to cut their stay short or if they are forced to stay longer as a result of an illness or an accident. Travel insurance usually covers the additional costs in certain cases.

The Policy Conditions of the travel insurance determine which events are covered and which events are excluded from insurance. Travelers can extend coverage by purchasing specific modules.

Financial Services Complaints Tribunal of The Netherlands interpret the policies in favor of the Insurers

The Financial Services Complaints Tribunal of The Netherlands is a dispute settlement authority accessible to consumers where they can complain about, for example, their insurance.

As mentioned before a couple of consumers appealed to the authority after the Insurer refused to provide cover.

An example of such a case is decision no. 2020-628 of 29 July 2020, of the Disputes Committee of the Financial Services Complaints Tribunal of The Netherlands. In this case the Insured was visiting his daughter in Morocco when both Morocco and The Netherlands went into complete lockdown. The flight was canceled and the only way home was repatriation by the Dutch Government. He had to stay in Morocco for weeks.

The Insured called on his travel insurance for the extra costs he would have to make because he couldn’t fly home. The Insurer however refused cover, and took the position that cover only exists when damage is caused by an earthquake, flood or volcanic eruption and that definitions of earthquake, flood and volcanic eruption are given in the General Terms and Conditions. These Conditions did not mention a pandemic or a virus outbreak, such as the coronavirus outbreak, and therefore the Insurer was not obliged to reimburse the Insured.

The Disputes Committee concurred with the position of the Insurer and considered (in so far as relevant) that the starting point should be what is stated in the Insurance Conditions. The Conditions are – according to the Committee – what parties have agreed on. According to The Disputes Committee the Insurer is free to determine the limits within which it is prepared to provide cover.

In this case The Disputes Committee found that the Policy Conditions were sufficiently clear about what would and would not be covered by the Insurer.

Does that mean Travel Insurance never covers COVID-19 related issues?

No, it does not. Firstly the question whether or not the insurance provides cover depends on the Policy Conditions. However in certain circumstances the Insured will be able to successfully make a claim on his travel insurance. This is the case, for example, if the insured or a co-insured himself becomes seriously ill due to the Corona virus and as a result has to make additional accommodation costs. Serious illness is in fact classified as an insured event in most Policy Conditions. In that case it does not matter what made the Insured sick in the first place.

Bron: Insurance Law Global


Can you transfer personal data to third countries safely after Schrems II? 

Can you transfer personal data to third countries safely after Schrems II?  1120 600 Ekelmans Advocaten
Schrems II
Leestijd: 6 minuten
Lesedauer: 6 Minuten
Reading time: 6 minutes

Since the EU-US Privacy Shield has been declared invalid, it is unclear how a company can transfer personal data to the US. Anne-Mieke Dumoulin Siemens provides guidance in the twilight zone created by the Court.

The Court of Justice of the European Union (ECJ) declared the EU-US Privacy Shield invalid on 16 July 2020 in the so-called Schrems II case. This means that with immediate effect, the EU-US Privacy Shield can no longer serve as a basis for the transfer of personal data to the US. When transferring personal data to countries outside the European Economic Area (EEA), the rules of the GDPR must be followed. Now that the EU-US Privacy Shield can no longer be used as a basis for transfer, the question arises as to how transfer to the US (and to other countries outside the EEA) can be designed to be secure. This article provides guidance in the twilight zone created by the Court.

Exit EU-US Privacy Shield

The GDPR facilitates the transfer of personal data on the basis of an adequacy decision. The European Commission has issued an adequacy decision for 12 countries.  An adequacy decision guarantees the third country concerned provides an adequate level of data protection. The EU-US Privacy Shield is based on an adequacy decision issued by the European Commission. The Court has annulled the EU-US Privacy Shield in Schrems II because of the lack of an adequate level of protection in the US. There are surveillance regulations in the US that allow US intelligence and security services to access personal data. Such access is not limited to strictly necessary data. In addition, US citizens have no enforceable data protection rights and no effective legal remedies.

Consequences exit EU-US Privacy Shield

The clash between the European privacy regulations and the US surveillance laws has serious consequences for the many companies and organisations that transfer personal data to the US under the EU-US Privacy Shield on a daily basis. They are now acting in violation of the GDPR. Schrems II does not offer a transition period: the transfer of personal data to the U.S. on the basis of the EU-US Privacy Shield has been declared invalid as of the date of the ruling. Schrems II does not only cover future data flows, but also personal data that have been transferred in the past and are still accessible to U.S. authorities. At present, it is not to be expected that the European supervisory authorities will start immediate enforcement proceedings, but the question what is an acceptable alternative mechanism for the transfer of personal data should be at the top of your company’s action list. How to proceed?

Alternative mechanism for the transfer of personal data?

The transfer of personal data to recipients in third countries must not undermine the level of protection guaranteed by the GDPR to individuals within the EU. The recipient country must provide a level of protection for personal data comparable to that guaranteed within the EU. In short, transfers should only take place in full compliance with the GDPR.

If no adequacy decision is in place for a particular country, the data exporting company or organisation must ensure that the transfer is secured with appropriate safeguards. The standard contractual clauses (SCCs) as adopted by the European Commission provide appropriate safeguards according to the GDPR.

Can SCCs still be used after Schrems II?

Article 46 GDPR, which forms the basis for the use of standard provisions, explicitly sets two requirements for transfers to countries to which no adequacy decision applies. Firstly, the exporting company must provide adequate safeguards (through SCCs, for example) and secondly, enforceable data subject rights and effective legal remedies for data subject must be available in the third country.

The SCCs passed the test of criticism in Schrems II. In principle, personal data can still be transferred to third countries on the basis of SCCs. However, the Court emphasises the importance of requirements in Article 46 GDPR concerning the use of standard clauses. Prior to any transfer of personal data, the transmitting company must verify that the receiving country provides the data subjects with enforceable rights and effective legal remedies.

In general, companies are imposed with the almost impossible task of assessing – on a country-by-country and transfer-by-transfer basis – whether recipient countries have legal rules in place regarding the protection of data subjects and their personal data. In addition, it is not clear what criteria should be used in the assessment. The Court does not address this and Article 46 GDPR does not provide any further explanation either. We now know that standard provisions cannot (or no longer) be used as a mechanism for the transfer of personal data to the US because US surveillance legislation prevents this. However, companies are in the dark as to how the surveillance and security legislation in other third countries is to be valued.

The reality is that few companies have sufficient knowledge and resources to properly assess the data protection legislation and surveillance practices of third countries. It is also clear that the European authorities seem to be struggling with such assessments. So far, the European Commission has issued adequacy decisions for only 12 countries, and the adequacy decision for the US has now been invalidated twice.

How can SCCs be used in practice?

The European Data Protection Board (EDPB) has announced to publish recommendations on how to deal with the consequences of Schrems II. In anticipation of these recommendations, the following guidelines may help you to implement the transfer of personal data to third countries on the basis of SCCs.

  • Check that the data importer is able to comply with all the provisions of the SCCs.
  • Carry out a due diligence on the type of data transferred, the categories of data subjects, the processing purposes, the retention period, the type of recipient and the sector to which the recipient belongs.
  • Examine to what extent the legal system of the third country allows public institutions to require disclosure of data and whether data subjects (including foreign data subjects) are aware of the disclosure and are able to take legal action before the courts. Determine the category of data affected by the laws of the third country.
  • Investigate the extent to which the importer is bound by these laws and the likelihood of the importer disclosing or having to disclose the exporter’s personal data to the authorities in the third country.
  • Check whether the data importer has a procedure to inform the data exporter if a government request extends to the data of the data exporter and offers the possibility of opposing disclosure.
  • Check whether the risks posed by national surveillance legislation can be offset by agreeing additional safeguards with the data importer. This could include agreements on the application of proper encryption, the suspension of the transfer of data and the removal of data by the data importer.
  • Make sure you document your choices and agreements. The GDPR requires you to be able to demonstrate that you comply with the GDPR.

Can Binding Corporate Rules be used?

Binding Corporate Rules (BSRs) are, in addition to SCCs, a mechanism for the transfer of personal data to third countries. BCRs are rules specifically designed for transfers of personal data within an international group of companies. Once established and approved, BCRs can only be used for the transport of personal data within the group of companies. A different mechanism must be used for transfers outside the group.

BCRs were not subject of debate in Schrems II. However, if the lawfulness of the transfer of personal data on the basis of SCCs is in question, because the regulations in the receiving third country do not comply with European safeguards, then one may wonder whether transfer to the same country on the basis of BCRs is lawful.

BCRs are drawn up by the group company concerned and must be approved by the competent supervisory authority. SCCs are a product of the European Commission. In practice, the main difference is that the burden of assessing the adequacy of protection measures lies with the supervisory authority when a company uses BCRs, whereas the user of SCCs (re Schrems II) has to make his own adequacy assessment and is responsible if he makes a mistake. This raises the question of how supervisory authorities within the EU deal with pending applications for the approval of BCRs. Approval of BCRs implies that the relevant supervisory authority considers that appropriate safeguards are in place in the receiving third country. This may be a sensitive issue, given the reasoning in Schrems II.

Can the exceptions in Article 49 GDPR be used?

According to the Court in Schrems II, the invalidation of the EU-US Privacy Shield does not create a vacuum because companies can rely on one of the derogations for specific situations (Article 49 GDPR). However, the possibilities to justify transfers using the exceptions of Article 49 GDPR are limited. EDPB has stated (Guidelines 2/2018) that these exceptions should be interpreted restrictively and that the exception should not be made the rule. In addition, the use of article 49 GDPR imposes a heavy administrative burden on the company. The data exporter must justify why each of the mechanisms for the transfer in question cannot be used and why the exception in question is suitable as a basis for transfer in the specific case. The option provided for in Article 49 GDPR therefore does not seem very attractive.

EDPB recommendations on implications of Schrems II

Schrems II shows that the application of and compliance with strict European privacy rules for the transfer of personal data in international traffic is problematic. The EDPB has set up a task force which will hopefully soon come up with recommendations on how to deal with the consequences of the Schrems II decision.

Would you like to know more about this subject? Then please contact our Privacy Desk.


De Zorgverzekering (‘Health Insurance’) — the first clear overview of the law in Dutch healthcare

De Zorgverzekering (‘Health Insurance’) — the first clear overview of the law in Dutch healthcare 2560 1707 Ekelmans Advocaten
overzicht zorgverzekeringsrecht
Leestijd: 2 minuten
Lesedauer: 2 Minuten
Reading time: 2 minutes

Dutch health insurance and long-term healthcare are riddled with rules and customary practices, in which it is easy to lose your way.

But now the first edition of the book De Zorgverzekering (i.e.: healthcare insurance) has appeared.

Dutch health insurance and long-term healthcare are riddled with rules and customary practices, in which it is easy to lose your way. But now the first edition of the book De Zorgverzekering (i.e.: healthcare insurance) has appeared. In this book, Jan Ekelmans provides a picture of the health insurance scene and unpicks it layer by layer. Health insurers, healthcare providers, regulatory bodies, consumers and their advisors can use this book to help them make better, faster choices on what action to take.

Market worth 80 billion euros

Insured healthcare is a market with a turnover of 80 billion euros. Producing an overview of what happens in that market is quite a challenge, one that has been taken up by this book. It focuses on four topics: the various kinds of insurance (health insurance, insurance under the Long-Term Care Act and supplementary insurance); the legal relationship between the healthcare provider and the health insurer; privacy protection and possible breaches of privacy; and the audits and fraud investigations by health insurers, plus the consequences attached to the findings from these investigations.

Practical approach

The book has a practical approach; it devotes attention to different perspectives on decisions and includes examples from actual practice, future developments and sources for further information and application. It contains a wealth of facts and legal information that has never before been brought together in one place, ordered and made accessible in this way.

About the author

Jan Ekelmans is a lawyer and partner at Ekelmans & Meijer Advocaten. He is an authority in the field of insurance law in the Netherlands. Insurers ask him for advice on complex and politically sensitive matters. For a number of years Jan was a deputy justice at the Arnhem–Leeuwarden court of appeal and a member of the advisory committee that advises the Dutch Parliament and Government on civil procedural law. His extensive experience with insurance law enables him to provide a clear overview of health care insurance in the Netherlands.


We use cookies to make sure that our website functions smoothly. If you continue to use the website, we assume that you consent to the cookies.