Guidance
EU Court Blocks Data Pact Amid Fears Over U.S. Surveillance (4)
The European Union’s top court struck down a key method used by Facebook Inc. and other companies to transfer data across the Atlantic amid fears over potential U.S. surveillance. Thursday’s decision by the EU Court of Justice on the so-called Privacy Shield means thousands of businesses that ship commercial data…
Read More »Schrems II Judgment Day
The Court of Justice of the European Union (“CJEU“) issued its judgment today in the Schrems II case1 and it is fair to say that it has caused some shock amongst the privacy community and our clients. First things first: don’t panic! Data flows will continue, and can continue, for…
Read More »Europe’s top court strikes down flagship EU-US data transfer mechanism
A highly anticipated ruling by Europe’s top court has just landed — striking down a flagship EU-US data flows arrangement called Privacy Shield. “The Court of Justice invalidates Decision 2016/1250 on the adequacy of the protection provided by the EU-US Data Protection Shield,” it wrote in a press release. The…
Read More »Cookies and other tracking devices: the Council of State issues its decision on the CNIL guidelines
June 29, 2020 In its decision of 19 June 2020, the Council of State (Conseil d’État) essentially validated the guidelines on cookies and tracking devices adopted by the CNIL on 4 July 2019. The purpose of these guidelines was to clarify the enhanced legal protection for Internet users with regard…
Read More »How to ensure you appoint an independent DPO
In light of recent regulator action regarding data protection officer independence, it’s an important moment to consider the ethical and practical considerations surrounding the appointment of a DPO. A sporting analogy is helpful here: The essential question to consider is can one player be a coach and a referee? Arguably…
Read More »EDPB: Position on Contact Tracing
During its 30th plenary session, the EDPB adopted a statement on data subject rights in connection to the state of emergency in Member States. The Board also adopted a letter in response to a letter from Civil Liberties Union for Europe, Access Now and the Hungarian Civil Liberties Union (HCLU)…
Read More »Remarks at a federal Access to Information and Privacy community meeting
March 9, 2020 Ottawa, Ontario Address by Daniel Therrien Privacy Commissioner of Canada (Check against delivery) Introduction As you know, we are living in an era of great technological advancement. Technology means data, and the most telling data—not to mention the most valuable data—are often personal data. This new reality…
Read More »Organisational roles and functions for explaining AI
At a glance Anyone involved in the decision-making pipeline has a role to play in contributing to an explanation of a decision supported by an AI model’s result. This includes what we have called the AI development team, as well as those responsible for how decision-making is governed in your…
Read More »Should all Heads of Compliance/Legal step down as DPO, following the Belgian DPA ruling?
For many organisations, the appointment of the DPO has been one of the more complicated requirements to deal with under the GDPR. The detailed description of the workload, the high requirements in terms of expertise, but also the expectations of the Article 29 Working Party guidelines in terms of availability…
Read More »CASL – The 5 Types of Consent
As stated by CRTC: “Canada’s new anti-spam law was passed in December 2010 and, following a Governor in Council order, it entered into force on July 1, 2014. The law will help to protect Canadians while ensuring that businesses can continue to compete in the global marketplace. On January 15,…
Read More »
Schrems II Judgment Day
The Court of Justice of the European Union (“CJEU“) issued its judgment today in …
