Compliance Perspectives: The End of the Privacy Shield
Nota Bene Episode 89: European Q3 Check In - Merger Clearance and Data Protection Court Rulings and Brexit Updates with Oliver Heinisch
The Court of Justice of the European Union (CJEU) has made a landmark decision (7 March 2024, C-604/22) on the intricacies of adtech, personal data, and joint control against the background of the General Data Protection...more
Employers around the world are increasingly using artificial intelligence (AI) to optimize many facets of their business operations, ranging from screening job applications and assigning tasks in real time to evaluating...more
Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed....more
On June 10, 2023 the European Commission (the “Commission”) issued an adequacy decision on the new EU-U.S. Data Privacy Framework (the “DPF”). The decision restored free transfer of data between the EU and U.S. after three...more
In this Essential Guide, which is part of Orrick’s Cybersecurity & Privacy Compass Series, we will provide insight into the potential fines that companies may face for violating the General Data Protection Regulation...more
On July 10th, the European Commission issued its Implementing Decision regarding the adequacy of the EU-UD Data Privacy Framework (“DPF”). The Decision has been eagerly awaited by US and Europe based commerce, hoping it will...more
On July 10, 2023, the European Commission adopted its adequacy decision on data transfers for the EU-U.S. (European Union/United States) Data Privacy Framework (DPF). The adequacy decision concluded that the United States...more
On July 10, 2023, the European Commission (“EC”) adopted its adequacy decision for the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”). Nearly three years after the Court of Justice of the European Union (“CJEU”)...more
The European Commission approved a new adequacy decision on the EU-US Data Privacy Framework on July 10, 2023. The European Commission issued a press release, stating that "[T]he decision concludes that the United States...more
The Court of Justice of the European Union (CJEU) published its decision in the case of J.M. v Pankki S (Case C‑579/21) on 22 June 2023....more
On June 22, the Court of Justice of the European Union (CJEU) issued a judgment concluding that banks are not exempt from providing information upon request about when and why an individual’s data was accessed. However, banks...more
In Short - The Situation: There has been uncertainty over the circumstances in which data subjects can claim compensation for "mere" infringement of their rights without specific evidence of harm. On May 4, 2023, the Court...more
It has been a long time coming, but the other shoe has finally dropped. Ireland’s Data Protection Commission (DPC) fined Meta Platforms Ireland (parent of Facebook Ireland) €1.2 billion, the highest fine to date under the...more
The Court of Justice of the European Union (CJEU) issued on 4 May 2023 three decisions in cases concerning interpretation of key aspects of the GDPR. It also published three opinions of the Advocate General (AG). Below is a...more
On May 4, the Court of Justice of the European Union (CJEU) issued a judgment concluding that while not every infringement of the EU’s data protection law gives rise, by itself, to a right to compensation, non-material damage...more
By its much anticipated judgment of 4 May 2023, the European Court of Justice (CJEU) specified the requirements under which data subjects affected by a breach of the GDPR can claim for compensation of non-material damages...more
On 4 May 2023 the European Court of Justice ("CJEU") published its decision (case no. C-300/21) in which it ruled that not any infringement of the General Data Protection Regulation ("GDPR") triggers the right to compensation...more
On 4 May 2023, the Court of Justice of the European Union (CJEU) delivered its decision in the Österreichische Post case (Case C-300/21), in essence deciding that a mere infringement of the General Data Protection Regulation...more
The Court of Justice of the European Union (CJEU) considered appropriate conditions that apply in respect of specific national legislation which EU member states may adopt under Article 88 GDPR to regulate the processing of...more
The European Data Protection Board (EDPB) issued its opinion on the draft adequacy decision of the European Commission (Draft Decision) regarding the EU-US Data Privacy Framework (DPF) on 28 February 2023. The DPF is a...more
In this month’s Privacy & Cybersecurity Update, we analyze recent fines against Meta and their impact on the future of behavioral advertising, the timeline for the California Privacy Rights Act’s regulations to become...more
Background Note: Data privacy has become a critical issue in the digital era, with laws and regulations constantly evolving. As a result, it’s important for cybersecurity, information governance, and legal discovery...more
Expect another year of regulatory ambiguity for international data privacy laws in 2023, as the European Commission reviews the EU-US Data Privacy Framework. European Union courts indicate increased scrutiny for behavioral...more
On December 13, 2022, the European Commission published its draft adequacy decision recognizing the essential equivalence of U.S. data protection standards, laying the foundations for finalization of the European Union...more
The Court of Justice of the European Union (CJEU) delivered its judgment in Case C-154/21 Österreichische Post (the Österreichische Post case) on 12 January 2023. The case relates to the interpretation of Art. 15(1)(c) GDPR,...more