Compliance
An overview of Brazil’s LGPD
Following a year of uncertainty regarding the date of implementation, Brazil’s General Data Protection Law has officially come into effect. Although Brazil is no stranger to sectoral privacy laws and already had more than 40 laws and norms at the federal level, the LGPD is the country’s first law to provide a…
Read More »Schrems II Decision Extends to Swiss-US Privacy Shield; Agreement Found Inadequate After Annual Review
The unexpected Schrems II decision was a major blow to digital trade across the Atlantic, invalidating the EU-US Privacy Shield agreement and forcing companies to very quickly revamp their data handling processes. There was some question as to whether this ruling would extend to the similar Switzerland-US Privacy Shield agreement,…
Read More »Facebook in High Court challenge over transfer of data
Facebook has significant concerns about its ability to deliver its services to its 400 million European users over the Data Protection Commissioner’s decision regarding the transfer of data to the social media giant’s US parent, the High Court has heard. Late last month the Data Protection Commissioner (DPC) informed Facebook…
Read More »Irish DPC tells Facebook to stop transferring data to the US: Should panic ensue?
The Wall Street Journal reported Sept. 9 that Ireland’s Data Protection Commissioner issued a preliminary order that Facebook must stop transferring user data to the U.S. The order, which was reported based on anonymous sources “according to people familiar with the matter,” follows the Court of Justice of the European Union’s ruling…
Read More »Ireland to Order Facebook to Stop Sending User Data to U.S.
A European Union privacy regulator has sent Facebook Inc. a preliminary order to suspend data transfers to the U.S. about its EU users, according to people familiar with the matter, an operational and legal challenge for the company that could set a precedent for other tech giants. The preliminary order,…
Read More »Schrems II: How will impact international data flows in practice
Of all the privacy developments that have hit the headlines this year, arguably none – not even the coming into effect of the CCPA, developments related to the LGPD in Brazil, or the ongoing Brexit adequacy saga – have been as impactful as the Court of Justice of the European Union’s…
Read More »Data Transfers: Post-Schrems II guidance from the LfDI Baden-Württemberg
In the wake of the Court of Justice of the European Union’s (‘CJEU’) judgment in Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems (Case-311/18) (‘the Schrems II Case’), the future of international data transfers hangs in the balance, with EU supervisory authorities playing a crucial role in shaping the case’s impact.…
Read More »The US-EU Privacy Shield Is Dead … Now What?
This issue is a big deal, but one that comes as little surprise to those following subject. As you may have already heard, the Court of Justice of the European Union (ECJ) recently ruled that the current data transfer agreement between the European Union and the United States known as the…
Read More »European Data Protection Board – Thirty-seventh Plenary session
The Board adopted GDPR Guidelines on the concepts of controller and processor in the GDPR and Guidelines on the targeting of social media users. In addition, the EDPB created a taskforce on complaints following the CJEU Schrems II judgement and a taskforce devoted to the supplementary measures that data exporters…
Read More »The increasing importance of a DPIA
As organizations scramble to implement alternative data transfer mechanisms and fill in their compliance gaps following the “Schrems II” decision, one important tool remains overlooked: the DPIA (data protection impact assessment). Based on the text Article 35 of the EU General Data Protection Regulation and subsequent European Data Protection Board guidance,…
Read More »
Schrems II Judgment Day
The Court of Justice of the European Union (“CJEU“) issued its judgment today in …
