Latham develops new resource to identify considerations for assessing SCC and BCR data transfers in Europe.
Following the Schrems II decision in July 2020, organisations relying on the standard contractual clauses (SCCs) or...more
A ruling by the EU’s top court invalidates the key mechanism for transferring personal data from the EU to the US and imposes additional conditions for use of the standard contractual clauses.
On 16 July 2020, the Court of...more
After the recent two-year anniversary of the GDPR, one fundamental question remains — who does the GDPR apply to?
Last month marked the two-year anniversary of the General Data Protection Regulation (GDPR), but its...more
As Russia’s internet law imposes new obligations on technology and infrastructure companies, the Russian government considers subordinate legislation.
On November 1, 2019, the majority of provisions of Russia’s internet...more
Recent action by the Hamburg authority may present implications for companies regulated by a lead data protection supervisory authority in Europe.
A German supervisory authority has initiated an investigation into Google’s...more
Following in the footsteps of the CNIL and the ICO, the Berlin DPA will impose a multimillion-euro fine for breach of the GDPR.
The Berlin Data Protection Authority (Berlin DPA) recently announced that it will issue a...more
8/28/2019
/ CNIL ,
Corporate Counsel ,
Corporate Fines ,
Data Breach ,
Data Protection Authority ,
Enforcement ,
Enforcement Actions ,
EU ,
General Data Protection Regulation (GDPR) ,
Germany ,
Information Commissioner's Office (ICO) ,
Popular ,
Risk Management
Proposed changes provide indication of the yet-to-be-published contents of the NIS Directive’s implementing regulation.
The UK government moved closer to implementing the Security of Network and Information Systems...more
The EU General Data Protection Regulation (GDPR) will come into force in May 2018, changing how businesses and the public sector manage customer information. With seven months before the deadline, governments, supervisory...more
In less than one year, from 25 May 2018, the General Data Protection Regulation (GDPR or Regulation) will become enforceable. The GDPR introduces a rigorous, far-reaching privacy framework for businesses that operate, target...more
6/2/2017
/ CNIL ,
Data Controller ,
Data Processors ,
EU ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Member State ,
Multinationals ,
UK ,
UK Brexit ,
UK Data Protection Act
The General Data Protection Regulation (GDPR or Regulation) will become applicable in one year, as of May 25, 2018. A lot has happened since we set out the key provisions of the Regulation last year....more
Well ahead of the implementation deadline for the European General Data Protection Regulation (GDPR), the German Parliament (Bundestag) passed a new Federal Data Protection Act (Bundesdatenschutzgesetz) on April 27, 2017. The...more
On January 10, 2017, the European Commission proposed a new ePrivacy Regulation (Proposal). Compared to the internal draft that was leaked in December, the official Proposal has been substantially modified....more
An internal Commission draft of a new ePrivacy Regulation (Draft) has been leaked to the public. The Commission plans to propose it in early 2017, but the content of the Draft does not seem near a final proposal. It is either...more
On October 19, 2016, the Court of Justice of the European Union (CJEU) issued a ruling on the question of whether IP addresses constitute personal data. The ruling has direct implications on the general question of when data...more
As the whole world now knows, the UK voted to leave the European Union (EU) in its historic referendum on 23rd June by a vote of 51.9 percent in favour of “leave” to 48.1 in favour of “remain”. This blog focusses on how that...more
6/28/2016
/ Binding Corporate Rules ,
EFTA ,
EU ,
European Economic Area (EEA) ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Member State ,
Referendums ,
Standard Contractual Clauses ,
UK ,
UK Brexit ,
UK Data Protection Act
On March 17, 2016, the Civil Liberties Committee convened to discuss whether the Privacy Shield framework that will replace Safe Harbor provides adequate protection to the data of EU citizens. A number of experts were...more
3/24/2016
/ Article 29 Working Party (WP29) ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Judicial Redress Act ,
Ombudsman ,
Personal Data ,
Standard Contractual Clauses ,
Surveillance ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
Earlier this week, the European Commission announced that a “political” agreement has been reached on a new framework for data flows from the EU to the US. The announcement highlights a few changes from the old Safe Harbor...more
2/5/2016
/ Article 29 Working Party (WP29) ,
Binding Corporate Rules ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
International Data Transfers ,
Ombudsman ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
US-EU Safe Harbor Framework
A political compromise has been reached on the new European Data Protection Regulation. On December 15, 2015, the negotiators in the so-called “informal trilogue” between the Council, the Parliament and the European...more
Almost four years after the European Commission introduced their draft for a new European Data Protection Regulation, negotiators of the European Parliament and Council are close to agreeing on a compromise text, set for...more
On November 6, the European Commission issued a comprehensive Communication on the consequences of the Schrems Judgment of the Court of Justice of the European Union (ECJ). In the Communication, the Commission puts national...more
On October 26, the European Commissioner Vera Jourová addressed the Parliament Committee on Civil Liberties, Justice and Home Affairs to discuss the consequences of the Schrems Judgment of the Court of Justice of the European...more
An early Position Paper of the German data protection authority of Schleswig-Holstein on the Schrems Judgment of the Court of Justice of the European Union (ECJ) gave little hope for practical alternatives to Safe Harbor. On...more
10/27/2015
/ Article 29 Working Group ,
Binding Corporate Rules ,
Data Protection ,
Data Protection Authority ,
EU ,
European Court of Justice (ECJ) ,
Germany ,
International Data Transfers ,
Member State ,
Model Contracts ,
Schrems I & Schrems II
The so called Article 29 Working Party met on October 15, 2015 to discuss the consequences of the Schrems Judgment of the European Court of Justice (ECJ). On October 16, 2015, the Working Party published a Statement...more
10/19/2015
/ Article 29 Working Group ,
Binding Corporate Rules ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
International Data Transfers ,
Judicial Redress Act ,
Legislative Agendas ,
Member State ,
Model Contracts ,
Schrems I & Schrems II
On October 6, the European Court of Justice ruled that Decision 2000/520 of the European Commission, which stated that Safe Harbor-certified US companies provide adequate protection for personal data transferred to them from...more
10/7/2015
/ Binding Corporate Rules ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
EU Directive ,
European Commission ,
European Court of Justice (ECJ) ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Member State ,
Model Contracts ,
US-EU Safe Harbor Framework
On September 23, the European Court of Justice heard the case which will determine whether US companies can rely on Safe Harbor as a measure to provide adequate privacy protection for personal data imported from the European...more