The European Parliament has approved a revised version of the EU Artificial Intelligence Act (AIA), which appears to be on a path to adoption by the EU later this year. The AIA is the most comprehensive legislation in the...more
On June 4, 2021, the European Commission adopted an updated and long-awaited set of standard contractual clauses (SCCs) for the international transfer of personal data. The previous standard contractual clauses were created...more
On July 16, 2020, the European Court of Justice (Court) ruled in the “Schrems II” case that the one of the most commonly used cross border data transfer mechanisms between the European Union (EU) and the United States (US),...more
7/20/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The successful management of COVID-19 relies on the quick analysis and collection of health data, which can raise privacy issues particularly in the European Union. ...more
Have you ever looked at a product online and realized it was following you around the internet? Have you ever visited a different website and seen the item you were just thinking about purchasing? These friendly reminders are...more
11/15/2019
/ Advertising ,
Browser History ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cookies ,
Data Sellers ,
E-Commerce ,
General Data Protection Regulation (GDPR) ,
Internet Retailers ,
Online Advertisements ,
Opt-Outs ,
Privacy Laws ,
Regulatory Requirements ,
Retail Tracking ,
Unique Device Identifiers
The perplexing question of what U.S. companies must do to comply with EU “cookie” law became slightly more clear with the recent decision of the European Court of Justice (CJEU) in Planet49 GmbH, but numerous questions still...more
10/3/2019
/ CNIL ,
Consent ,
Cookies ,
Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Protection Authority ,
e-Privacy Directive ,
EU ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
Germany ,
Online Gaming ,
UK ICO ,
Websites
Following numerous privacy complaints, the State Office for Data Protection Supervision (BayLDA) recently conducted a random audit on 40 companies and found widespread problems with their cookie disclosures....more
3/8/2019
/ Cookie Banners ,
Cookies ,
Cybersecurity ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Violations ,
Transparency ,
Vulnerability Assessments
Since the General Data Protection Regulation (“GDPR”) took effect on May 25, 2018, US companies without facilities or employees in Europe have struggled to understand the extraterritorial scope of the GDPR....more
12/3/2018
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
European Data Protection Board (EDPB) ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Risk Management
Just as many US businesses were scrambling to meet GDPR compliance, California quickly passed a broad new privacy act, giving businesses another privacy compliance headache. We’ve previously blogged on the dramatic history...more
Today the EU General Data Protection Regulation (GDPR) goes into effect, ending the data protection landscape as we know it. This comprehensive privacy law applies directly to the 28 EU countries and companies established in...more
5/25/2018
/ Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Oversight ,
Regulatory Requirements ,
Risk Management
With the European Union’s General Data Protection Regulation (“GDPR”) set to go into effect on May 25, 2018, many questions remain as to what entities that control and process data from EU citizens must do to comply. ...more
If you are a hospital processing European Union (EU) patient data, if you maintain EU customer loyalty programs, or if you engage in behavioral advertising of EU citizens, you may be required to appoint a data protection...more
5/4/2017
/ Article 29 Working Party (WP29) ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
Electronic Protected Health Information (ePHI) ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Hospitals ,
International Data Transfers ,
Personal Data ,
Popular ,
Telecommunications
The EU General Data Protection Regulation (GDPR), which takes effect in May 2018, will require companies to reassess their mechanisms for obtaining, tracking, and verifying individuals' consent. Companies will need clear and...more
The European Commission's proposed e-privacy regulation sets forth obligations on handling electronic communications and clarifies obligations for seeking consent for the use of cookies. Meant to bring the e-privacy directive...more
1/13/2017
/ Cookies ,
Corporate Counsel ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
e-Privacy Directive ,
Electronic Communications ,
EU ,
Facebook ,
Fines ,
General Data Protection Regulation (GDPR) ,
Google ,
Metadata ,
Mobile Apps ,
Prior Express Consent ,
Privacy Laws ,
Telecommunications ,
WhatsApp
In a ruling with significant potential impact, the Court of Justice of the European Union (CJEU) has ruled that a dynamic internet protocol (IP) address may constitute "personal data" under EU Data Protection Directive...more
In an anticipated guidance, the United Kingdom's Information Commissioner's Office (ICO) updated its code of practice for privacy notices titled Privacy notices, transparency and control (the Code). Significantly, the ICO has...more
10/18/2016
/ Best Practices ,
Data Protection ,
Data Transfers ,
Disclosure Requirements ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Internet of Things ,
Notice Requirements ,
Privacy Policy ,
Third-Party Risk ,
UK ,
Websites
The European Parliament has voted to adopt the draft text of the General Data Protection Regulation (GDPR), which imposes enhanced requirements on organizations processing personal data in the European Union and transferring...more