EU

The EU Parliament highlights that organisations can no longer rely on simple “data housekeeping” practices alone; instead, they must shift towards advanced data protection approaches — such as GDPR Pseudonymisation — to control Big Data use. The methods and purposes of data processing have changed dramatically over the past several…

General Observations 1. Welcomes the fact that the GDPR has become a global standard for the protection of personal data and is a factor for convergence in the development of norms; welcomes the fact that the GDPR has placed the EU at the forefront of international discussions about data protection, and…

The ePrivacy Regulation is finally at a decisive turning point because the Council of the European Union has reached an agreement on the final version of the text. The approval of the ePrivacy Regulation by the Council of the European Union After negotiations that lasted over 4 years, the ePrivacy…

Brussels is set to allow data to continue to flow freely from the EU to the UK after concluding that the British had ensured an adequate level of protection for personal information. A draft decision by the European Commission, seen by the Financial Times, is expected to be approved this week. It will…

The Council of the EU has today made a surprise announcement that it has approved its negotiating position on the ePrivacy Regulation (i.e. the successor to the ePrivacy Directive), which will further reform EU cookie consent and communications content/metadata rules in the EU. The process now is that the ePrivacy…

The Trade and Cooperation Agreement (“the Agreement”) between the EU and the UK contains good news for data protection practitioners. The free flow of data between the EEA[1] and the UK can continue after the end of 2020. This is extremely welcome. Recent research showed that the cost of having to put in…

What’s the issue? The ePrivacy Directive (EU Directive 2002/58/EC) establishes (amongst others) specific rules on privacy for the electronic communications sector, such as limiting the use of traffic and location data and prohibiting listening to, or otherwise accessing the contents of, communications.  These rules apply to “service providers” (and more…

Germany’s Hamburg Data Protection Authority (“HmbBfDI”) have imposed a €35.2 million ($41.4 million) fine on H&M, the world’s second-largest clothing retailer, for General Data Protection Regulation (“GDPR”) violations; the largest privacy fine ever issued by a German regulator. This fine is significant for a number of reasons, not least of which is that European regulators…

A recent analysis from Exonar, a data indexing company based in the UK, shows that 19% of all General Data Protection Regulation (“GDPR”) fines have been levied due to unlawful us of personally identifiable information and failure to timely or adequately comply with data subject access requests (“DSARs”). What Is A Data…

The issue of individual redress has bedeviled negotiations between the European Union and the United States for more than two decades. Three adequacy deals—the Passenger Name Record (PNR) Agreement, Schrems I and Schrems II—have now unraveled because the European Court of Justice (CJEU) insists on an effective judicial remedy and…