The Information Commissioner’s Office (ICO) has recently published guidance for employers on monitoring workers lawfully, transparently and fairly. The guidance aims to protect workers’ data protection rights and help...more
3/27/2024
/ Artificial Intelligence ,
Data Privacy ,
Data Protection ,
Electronic Monitoring ,
Email ,
Employee Monitoring ,
Employee Privacy Rights ,
Employer Liability Issues ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Remote Working ,
UK
In this episode, our privacy lawyers, Claude-Étienne Armingaud, Whitney McCollum, and Camille Scarparo, sit down with Arya Tripathy, a partner at Priti Suri & Associates in New Dehli, and discuss together India’s newly...more
Closing in on the fifth anniversary of the entry into force of the EU General Data Protection Regulation (GDPR), the Irish Data Protection Commission (DPC) announced on 22 May 2023 that it had fined the Irish subsidiary of...more
Following the positions expressed by the Austrian, German, and French supervisory authorities, the Italian Supervisory Authority (Garante per la Protezione dei Dati Personali)(Garante) published on 9 June 2022 a specific...more
On 29 June 2022, Decree n° 2022-946 (the Decree) supplemented the regulatory framework resulting from the Ordinance n° 2021-1247 of 29 September 2021 on the legal warranty of conformity for goods, digital content, and digital...more
Following the 2020 Court of Justice of the European Union’s (CJEU) ruling invalidating the Privacy Shield (see our alert here), personal data transfers from the European Union to the United States required EU companies to...more
6/23/2022
/ CNIL ,
Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Protection ,
EU ,
European Supervisory Authorities (ESAs) ,
France ,
International Data Transfers ,
Personal Data ,
Standard Contractual Clauses ,
Websites
Individuals having difficulties in obtaining responses to their personal data subject access requests (DSAR) from French telephone operator Free Mobile filed several complaints before the French data protection authority...more
On 21 March 2022, the United Kingdom finalized the adoption of its own version of the European Union’s Standard Contractual Clauses (SCC), a contractual mechanism aiming at securing personal data protected under a data...more
European regulators unofficially announced the major theme of this new year, through the release of several decisions pertaining to cookies and other tracking technologies in the first 10 days of 2022. As the General Data...more
1/28/2022
/ CNIL ,
Consent ,
Cookie Banners ,
Cookies ,
Data Protection ,
Data Transfers ,
e-Privacy Directive ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Schrems I & Schrems II
On 28 June 2021, within 48 hours of the expiration of the post-Brexit grace period under the UK-EU Trade and Cooperation Agreement, the European Commission has adopted two adequacy decisions addressing the transfers of...more
BACKGROUND - On 30 March 2021, the European Commission, in a joint statement with the Personal Information Protection Commission, the data protection authority of the Republic of Korea (Korea), declared that Korea ensured a...more
Depending on whether you are an optimist or a pessimist, it will have taken the European Commission either three years and two weeks (since the entry into force of the General Data Protection Regulation (GDPR) or eleven...more
The Bavarian Data Protection Authority recently prohibited a European company from using U.S. newsletter provider Mailchimp in a first-of-its-kind decision. Since the Schrems II decision of the Court of Justice of the...more
The French Supervisory Authority (CNIL) wrapped up 2020 with a EUR 20,000 fine against NESTOR, a French food preparation and delivery company catering to office employees....more
When the General Data Protection Regulation (GDPR) came into force throughout the European Union nearly three years ago, one of its most eye-catching features was its extraterritorial jurisdiction provisions. These extend the...more
The European Data Protection Board (EDPB) published two sets of new guidelines on 2 September 2020, on the concepts of controller and processor (Guidelines 07/2020, the Guidelines) and on the targeting of social media users...more
On 4 July 2019, the French Data Protection (CNIL) published its Guidelines on Cookies and Other Tracking Technologies. The Guidelines further detailed the nature of the interplay between the General Data Protection Regulation...more
With the recent decision from the Court of Justice of the European Union invalidating the Privacy Shield framework and subjecting the Standard Contractual Clauses (SCCs) to higher standard of enforcement, global companies...more
In a highly anticipated Schrems II decision, the Court of Justice of the European Union (CJEU) invalidated the Privacy Shield, the legal framework allowing transatlantic exchanges of personal data for commercial purposes...more
The current COVID-19 pandemic continues to raise many issues on employee privacy and how employers may balance processing their employees’ data with ensuring safety in the workplace. ...more
November will see several opportunities to discuss privacy matters in Europe and meet with The Privacist contributors within the K&L Gates’ platform, in connection with the International Association of Privacy Professionals...more
11/11/2019
/ California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
Personal Data
BREXIT: DEAL OR NO-DEAL? DATA IS THE QUESTION -
With the Brexit deadline looming ahead on 31 October 2019, the situation seemingly reaches new levels of uncertainty every day. Last week, the U.K. Supreme Court’s eleven...more
10/4/2019
/ Cookies ,
Court of Justice of the European Union (CJEU) ,
Data Breach ,
Data Controller ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Personal Data ,
UK ,
UK Brexit
Background - On 17 July 2018, the European Union (the “EU”) and Japan reached an agreement to recognize each other’s data protections systems as “equivalent”, and each commits to complete internal procedures by fall 2018 (the...more
8/28/2018
/ Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Japan ,
Personal Data ,
Popular
On July 2, 2018, the French Data Protection Authority (“Commission Nationale de l’Informatique et des Libertés” or “CNIL”) published its yearly thematic guidance for the priority axes of its control activities, notably...more
In June 2017, the Article 29 Working Party – the gathering the all Member States’ Data Protection Authorities (DPAs) – announced that the five last guidelines to be adopted as companion pieces to the General Data Protection...more