EU
EU Court Blocks Data Pact Amid Fears Over U.S. Surveillance (4)
The European Union’s top court struck down a key method used by Facebook Inc. and other companies to transfer data across the Atlantic amid fears over potential U.S. surveillance. Thursday’s decision by the EU Court of Justice on the so-called Privacy Shield means thousands of businesses that ship commercial data…
Read More »Schrems II Judgment Day
The Court of Justice of the European Union (“CJEU“) issued its judgment today in the Schrems II case1 and it is fair to say that it has caused some shock amongst the privacy community and our clients. First things first: don’t panic! Data flows will continue, and can continue, for…
Read More »Europe’s top court strikes down flagship EU-US data transfer mechanism
A highly anticipated ruling by Europe’s top court has just landed — striking down a flagship EU-US data flows arrangement called Privacy Shield. “The Court of Justice invalidates Decision 2016/1250 on the adequacy of the protection provided by the EU-US Data Protection Shield,” it wrote in a press release. The…
Read More »Dutch DPA issues record fine for violating GDPR data subject rights
The Dutch Data Protection Authority (DPA) issued a EUR 830,000 (approximately USD 937,000) fine against the Dutch Credit Registration Bureau (BKR) for violating data subject rights. The fine stems from BKR’s practice of charging fees and discouraging individuals who wanted to access their personal data. BKR is responsible for maintaining the Dutch…
Read More »Schrems II Judgment Day
The Schrems II judgment is due on 16th July. What will it say? Will Standard Contractual Clauses survive? What (if anything!) will you need to do anything to ensure that international transfers of data comply with GDPR? Join our experts on Friday 17th July at 16.00 BST, the day after…
Read More »Cookies and other tracking devices: the Council of State issues its decision on the CNIL guidelines
June 29, 2020 In its decision of 19 June 2020, the Council of State (Conseil d’État) essentially validated the guidelines on cookies and tracking devices adopted by the CNIL on 4 July 2019. The purpose of these guidelines was to clarify the enhanced legal protection for Internet users with regard…
Read More »How to ensure you appoint an independent DPO
In light of recent regulator action regarding data protection officer independence, it’s an important moment to consider the ethical and practical considerations surrounding the appointment of a DPO. A sporting analogy is helpful here: The essential question to consider is can one player be a coach and a referee? Arguably…
Read More »UK-US data deal puts Brexit data adequacy pact at risk
The UK risks throwing away the possibility of a data adequacy agreement ensuring the free flow of personal data between the UK and the European Union (EU) after the Brexit transition period ends, if it cannot be proved that there are sufficient safeguards included in the UK-US agreement on data…
Read More »Privacy by design — GDPR’s sleeping giant
Today’s approach to privacy by design, or data protection by design as it’s referred to in the EU General Data Protection Regulation, is fundamentally flawed. Privacy by design is the concept that privacy must be “baked” into every stage and aspect of a new product’s design, as well as a…
Read More »EDPB: Position on Contact Tracing
During its 30th plenary session, the EDPB adopted a statement on data subject rights in connection to the state of emergency in Member States. The Board also adopted a letter in response to a letter from Civil Liberties Union for Europe, Access Now and the Hungarian Civil Liberties Union (HCLU)…
Read More »
Schrems II Judgment Day
The Court of Justice of the European Union (“CJEU“) issued its judgment today in …
