On 26 July 2019, the Greek Supervisory Authority (SA) found Pricewaterhouse Coopers (“PwC”) not compliant with General Data Protection Regulation (GDPR) in relation to the processing of its Greek employees’ personal data. The...more
The EU Commission issued today a “Communication to the European Parliament and the Council” which is entitled “Data protection rules as a trust enabler in the EU and beyond- taking stock”, which outlines the current state of...more
Dear GDPR,
Before you were born, you already attracted a lot of attention, after all, not everyone is born over two years after they are conceived and has 28 parents! And your parents had to ?resist an enormous pressure...more
5/29/2019
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
European Supervisory Authorities (ESAs) ,
General Data Protection Regulation (GDPR) ,
Personal Data
On January 10, 2019, Advocate General Szpunar issued his much awaited opinion in the Google case that was referred to the European Court of Justice by the French “Conseil d’Etat”, the highest administrative court of the...more
Our experience in advising clients about GDPR and assisting them in the compliance process is that there are often misconceptions about the so-called “right to be forgotten”. The purpose of this post is to address some of...more
Cultural gap between the EU and the US -
EU Data Protection Rules -
Why should you care about those rules?
..GDPR is « general » i.e. it applies to all activities including the Healthcare/Life Sciences.
..As of...more
Recently, Austrian privacy activist Maximilian Schrems won a partial victory in his continuing battles with Facebook. We discuss that case below. But first, we review his prior tilts with Facebook....more
Even though the GDPR is a general regulation, some provisions are expressly addressing the specificities of the processing of personal data in the healthcare/life science sectors....more
What the recent Amazon decision tells us -
On 28 July 2016, the European Court of Justice rendered a decision in a dispute between an Austrian Consumer Protection organization known as VKI (Verein für...more
9/6/2016
/ Amazon ,
Austria ,
Data Protection ,
EU ,
EU Data Protection Laws ,
European Court of Justice (ECJ) ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
Google ,
Hungary ,
Luxembourg ,
Member State ,
Personal Data ,
Preamble ,
Spain ,
Subsidiaries ,
Terms and Conditions
After the European Court of Justice invalidated Safe Harbor on October 6, ?2015, the Article 29 Working Party announced in an October 16, 2015 statement that US companies that were Safe Harbor certified had until the end of...more
6/20/2016
/ Article 29 Working Party (WP29) ,
CNIL ,
Data Protection Authority ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
Facebook ,
France ,
Germany ,
International Data Transfers ,
Ireland ,
Privacy Policy ,
Standard Contractual Clauses ,
US-EU Safe Harbor Framework
On 15 December 2015, the three main European institutions, the Commission, the Parliament and the Council, agreed on the final text of the General Data Protection Regulation (GDPR) which has been on the table since January...more
The European Court of Justice has just issued a decision (ECJ 6 October 2015 Case C-362/14, Maximillian Schrems v. Data Protection Commissioner) that invalidates the so-called US-EU “Safe Harbor” system. Suddenly, what 3,500...more
10/7/2015
/ Binding Corporate Rules ,
Data Privacy ,
Data Protection Authority ,
Data Security ,
Edward Snowden ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
International Data Transfers ,
Personal Data ,
SCC ,
Surveillance ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
On June 12, 2015 the French Data Protection Authority (Commission Nationale de l’Informatique et des Libertés – CNIL) issued a notice ordering Google to draw all the consequences of the CJEU May 13, 2014 ruling and to apply...more
10/1/2015
/ CNIL ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Delisting ,
EU Data Protection Laws ,
European Court of Justice (ECJ) ,
France ,
Google ,
Right to Be Forgotten ,
Search Engines
On 13 May 2014 the Court of Justice of the European Union (CJEU) issued a judgment which Google called a “landmark ruling” (Google v. Costeja Gonzalez case, C-131/12). The court held, based on the 95/46 Directive on...more
8/12/2015
/ Data Privacy ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
European Court of Justice (ECJ) ,
France ,
Google ,
Popular ,
Privacy Laws ,
Right to Be Forgotten ,
Search Engines